12 matches found
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in transformers-4.48.3-py3-none-any.whl
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in transformers-4.48.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-1194]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, caused by a regex exhibiting exponential complexity under certain conditions with specially crafted inputs, leading to excessive backtracking CVE-2025-1194. Huggingface/transformers is...
Security Bulletin: IBM watsonx Code Assistant On Prem product impacted by Input Handling Vulnerability in Transformers 4.49.0
Summary A vulnerability CVE-2025-1194 has been identified in the Transformers Python package version 4.49.0, which impacts the IBM watsonx Code Assistant On-Premises product. The issue arises from improper input validation during model configuration loading, which may allow attackers to execute...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2025-1194
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2025-1194. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of Service...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-6827, CVE-2025-1194]
Summary Python modules gunicorn and transformers are used by IBM App Connect Enterprise Certified Container when providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin...
CVE-2025-1194 vulnerabilities
Vulnerabilities for packages: tritonserver-backend-tensorrtllm-24.04...
CVE-2025-1194
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1691 more potentially affected by CVE-2025-1194 via transformers (>=2.10.0 <=4.4.2)
transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-1194 Source advisory: OSV:GHSA-FPWR-67PX-3QHX...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1595 more potentially affected by CVE-2025-1194 via transformers (>=4.0.0 <=4.4.2)
transformers PYPI version =4.0.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.0, =0.1.1 and more Source cves: CVE-2025-1194 Source advisory: SNYK:PYTHON-TRANSFORMERS-9904725...
CVE-2025-1194 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...
CVE-2025-1194
CVE-2025-1194 – ReDoS in HuggingFace Transformers (GPT-NeoX-Japanese SubWordJapaneseTokenizer) The CVE describes a Regular Expression Denial of Service in the HuggingFace transformers package, specifically in tokenization_gpt_neox_japanese.py (GPT-NeoX-Japanese model). The vulnerability arises fr...