6 matches found
CVE-2025-3777 vulnerabilities
Vulnerabilities for packages: text-generation-inference, nemo...
CVE-2025-3777
An input validation flaw has been discovered in the Hugging Face Transformers library. Given an attacker can feed in a url, an application using the transformers library may present what appears to be a YouTube link, but actually routes to a malicious domain. Mitigation Mitigation for this issue ...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1815 more potentially affected by CVE-2025-3777 via transformers (>=2.10.0 <=4.52.0)
transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3777 Source advisory: OSV:GHSA-PHHR-52QP-3MJ4...
CVE-2025-3777
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...
CVE-2025-3777 Improper Input Validation in huggingface/transformers
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...
CVE-2025-3777
CVE-2025-3777 : In Hugging Face Transformers, versions up to 4.49.0 are affected by improper input validation in image_utils.py due to insecure URL validation with startswith(), bypassable via URL username injection. Attackers could craft URLs that appear to be from YouTube but resolve to malicio...