6 matches found
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service (ReDoS) due to the transformers package (CVE-2025-2099)
Summary The transformers package is used by DataStage on Cloud Pak for Data as part of machine learning processing. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-2099]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to an issue where the regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1691 more potentially affected by CVE-2025-2099 via transformers (>=2.10.0 <=4.4.2)
transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-2099 Source advisory: OSV:GHSA-QQ3J-4F4F-9583...
CVE-2025-2099
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...
CVE-2025-2099 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...