Lucene search
K

6 matches found

Chainguard
Chainguard
added 2025/07/11 7:16 p.m.17 views

CVE-2025-3777 vulnerabilities

Vulnerabilities for packages: text-generation-inference, nemo...

3.5CVSS6.1AI score0.00329EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/07/07 5:28 p.m.5 views

CVE-2025-3777

An input validation flaw has been discovered in the Hugging Face Transformers library. Given an attacker can feed in a url, an application using the transformers library may present what appears to be a YouTube link, but actually routes to a malicious domain. Mitigation Mitigation for this issue ...

3.5CVSS3.7AI score0.00329EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2025/07/07 12:30 p.m.7 views

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1815 more potentially affected by CVE-2025-3777 via transformers (>=2.10.0 <=4.52.0)

transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3777 Source advisory: OSV:GHSA-PHHR-52QP-3MJ4...

3.5CVSS5.8AI score0.00329EPSS
Exploits1
NVD
NVD
added 2025/07/07 10:15 a.m.5 views

CVE-2025-3777

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...

3.5CVSS0.00329EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/07/07 9:55 a.m.9 views

CVE-2025-3777 Improper Input Validation in huggingface/transformers

Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...

3.5CVSS0.00329EPSS
Exploits1References2
CVE
CVE
added 2025/07/07 9:55 a.m.111 views

CVE-2025-3777

CVE-2025-3777 : In Hugging Face Transformers, versions up to 4.49.0 are affected by improper input validation in image_utils.py due to insecure URL validation with startswith(), bypassable via URL username injection. Attackers could craft URLs that appear to be from YouTube but resolve to malicio...

3.5CVSS4AI score0.00329EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder