Lucene search
+L

231 matches found

osv
osv
added 2024/04/10 6:30 p.m.41 views

GHSA-37Q5-V5QM-C9V8 Transformers Deserialization of Untrusted Data vulnerability

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

3.4CVSS5.4AI score0.02067EPSS
Exploits2References4
github
github
added 2024/04/10 6:30 p.m.39 views

Transformers Deserialization of Untrusted Data vulnerability

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

9.6CVSS8.7AI score0.02067EPSS
Exploits2References4Affected Software1
nvd
nvd
added 2024/04/10 5:15 p.m.40 views

CVE-2024-3568

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

9.6CVSS5.3AI score0.02067EPSS
Exploits2References2
vulnrichment
vulnrichment
added 2024/04/10 5:7 p.m.22 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

3.4CVSS8.5AI score0.02067EPSS
Exploits2References2
cve
cve
added 2024/04/10 5:7 p.m.118 views

CVE-2024-3568

The CVE-2024-3568 issue affects the Hugging Face Transformers library, where an unsafe deserialization in TFPreTrainedModel.load_repo_checkpoint() uses pickle.load() on data from untrusted sources, enabling remote code execution via a malicious checkpoint. Documented impact targets Transformers v...

9.6CVSS8.4AI score0.02067EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2024/04/10 5:7 p.m.49 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

3.4CVSS5.6AI score0.02067EPSS
Exploits2References2
osv
osv
added 2024/04/10 5:7 p.m.26 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

3.4CVSS6.9AI score0.02067EPSS
Exploits2References4
veracode
veracode
added 2023/12/22 6:58 a.m.18 views

Insecure Deserialization

huggingface transformers is vulnerable to Insecure Deserialization. The vulnerability is due to the ability to load arbitrary pickle files from other repos specified by the indexpath while parsing the remote config.json fille. An attacker can exploit this flaw to execute arbitrary code on the...

8.8CVSS7.6AI score0.00921EPSS
Exploits1References4Affected Software1
osv
osv
added 2023/12/20 6:30 p.m.20 views

GHSA-V68G-WM8C-6X7J transformers has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

7.8CVSS7.7AI score0.00727EPSS
Exploits1References5
github
github
added 2023/12/20 6:30 p.m.66 views

transformers has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9.6CVSS7.1AI score0.00727EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2023/12/20 5:15 p.m.20 views

CVE-2023-7018

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9.6CVSS0.00727EPSS
Exploits1References2
pypa
pypa
added 2023/12/20 5:15 p.m.6 views

PYSEC-2023-301

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9.6CVSS6.7AI score0.00727EPSS
Exploits1References5Affected Software1
prion
prion
added 2023/12/20 5:15 p.m.18 views

Deserialization of untrusted data

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

6.8CVSS7AI score0.00727EPSS
Exploits1References2Affected Software1
osv
osv
added 2023/12/20 5:15 p.m.19 views

PYSEC-2023-301

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

7.8CVSS7.6AI score0.00727EPSS
Exploits1References5
cve
cve
added 2023/12/20 4:13 p.m.71 views

CVE-2023-7018

Technical details about CVE-2023-7018 are not publicly disclosed in the provided documents. No affected products/versions or exploit information are included. Monitor for updates from the listed sources and corroborating advisories.

9.6CVSS7.8AI score0.00727EPSS
Exploits1References2Affected Software1
osv
osv
added 2023/12/20 4:13 p.m.11 views

CVE-2023-7018 Deserialization of Untrusted Data in huggingface/transformers

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9.6CVSS7.1AI score0.00727EPSS
Exploits1References4
pypa
pypa
added 2023/12/19 1:15 p.m.6 views

PYSEC-2023-300

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9CVSS6.7AI score0.00921EPSS
Exploits1References3Affected Software1
osv
osv
added 2023/12/19 1:15 p.m.20 views

PYSEC-2023-300

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

8.8CVSS8.7AI score0.00921EPSS
Exploits1References3
cve
cve
added 2023/12/19 12:11 p.m.65 views

CVE-2023-6730

The CVE-2023-6730 issue affects the Hugging Face transformers library and is caused by deserialization of untrusted data in the package prior to version 4.36. Specifically, untrusted input could be deserialized during normal operation of transformers, leading to potential impact as described in t...

9CVSS8.7AI score0.00921EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2023/12/19 12:11 p.m.30 views

CVE-2023-6730 Deserialization of Untrusted Data in huggingface/transformers

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9CVSS9AI score0.00921EPSS
Exploits1References2
Rows per page
Query Builder