2 matches found
CVE-2024-3568
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
PT-2024-26627
Name of the Vulnerable Software and Affected Versions huggingface/transformers affected versions not specified Description The issue allows for arbitrary code execution through deserialization of untrusted data within the load repo checkpoint function of the TFPreTrainedModel class. Attackers can...