Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to the use of a vulnerable regex pattern in the DonutProcessor.token2json method, which allows an attacker to craft malicious input causing excessive CPU consumption through catastrophic backtrackin...

CVE-2025-3933 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.50.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...