Lucene search
+L

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 8:56 p.m.8 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service (ReDoS) due to the transformers package (CVE-2025-2099)

Summary The transformers package is used by DataStage on Cloud Pak for Data as part of machine learning processing. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version...

7.5CVSS5.5AI score0.00507EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/01 10:30 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring...

7.5CVSS7.1AI score0.00507EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/28 3:11 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-2099]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to an issue where the regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large...

7.5CVSS5.5AI score0.00507EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2025/05/19 12:30 p.m.8 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1691 more potentially affected by CVE-2025-2099 via transformers (>=2.10.0 <=4.4.2)

transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-2099 Source advisory: OSV:GHSA-QQ3J-4F4F-9583...

7.5CVSS6AI score0.00507EPSS
Exploits1
NVD
NVD
added 2025/05/19 12:15 p.m.22 views

CVE-2025-2099

A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...

7.5CVSS0.00507EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/19 11:22 a.m.12 views

CVE-2025-2099 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...

5.3CVSS5.4AI score0.00507EPSS
Exploits1References2
Rows per page
Query Builder