231 matches found
GHSA-37Q5-V5QM-C9V8 Transformers Deserialization of Untrusted Data vulnerability
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
Transformers Deserialization of Untrusted Data vulnerability
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
CVE-2024-3568
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
CVE-2024-3568
The CVE-2024-3568 issue affects the Hugging Face Transformers library, where an unsafe deserialization in TFPreTrainedModel.load_repo_checkpoint() uses pickle.load() on data from untrusted sources, enabling remote code execution via a malicious checkpoint. Documented impact targets Transformers v...
CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
Insecure Deserialization
huggingface transformers is vulnerable to Insecure Deserialization. The vulnerability is due to the ability to load arbitrary pickle files from other repos specified by the indexpath while parsing the remote config.json fille. An attacker can exploit this flaw to execute arbitrary code on the...
GHSA-V68G-WM8C-6X7J transformers has a Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
transformers has a Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
CVE-2023-7018
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PYSEC-2023-301
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
Deserialization of untrusted data
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PYSEC-2023-301
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
CVE-2023-7018
Technical details about CVE-2023-7018 are not publicly disclosed in the provided documents. No affected products/versions or exploit information are included. Monitor for updates from the listed sources and corroborating advisories.
CVE-2023-7018 Deserialization of Untrusted Data in huggingface/transformers
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PYSEC-2023-300
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PYSEC-2023-300
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
CVE-2023-6730
The CVE-2023-6730 issue affects the Hugging Face transformers library and is caused by deserialization of untrusted data in the package prior to version 4.36. Specifically, untrusted input could be deserialized during normal operation of transformers, leading to potential impact as described in t...
CVE-2023-6730 Deserialization of Untrusted Data in huggingface/transformers
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...