3 matches found
ai4data (=0.0.1), aihero (=0.3.1) +37 more potentially affected by CVE-2024-3924 via text-generation (>=0.6.1 <=0.7.0)
text-generation PYPI version =0.6.1, =3.0.0, =0.114.0, =0.0.1a7, =0.3.6.dev0, =0.0.1a8, =0.14.3, =2.0.0, =0.0.2, =0.1.4, =0.1.0, =0.1.10, =0.1.14 and more Source cves: CVE-2024-3924 Source advisory: OSV:GHSA-QQ99-P57R-G3V7...
CVE-2024-3924 Code Injection in huggingface/text-generation-inference
A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...
CVE-2024-3924
The CVE-2024-3924 issue affects hugggingface/text-generation-inference across versions up to 2.0.0 and was fixed in 2.0.0. It stems from insecure handling of github.head_ref in the autodocs.yml workflow, where user input is used to dynamically build a command to install software. An attacker coul...