Lucene search
+L

232 matches found

CVE
CVE
added 2024/04/16 12:0 a.m.148 views

CVE-2024-1561

Gradio 4.3–4.12 contains a local file read vulnerability by abusing the /component_server endpoint to invoke methods on a Component (via move_resource_to_block_cache), enabling an attacker to copy and read files on the host. Impact includes potential exposure of secrets (API keys, env vars) espec...

7.5CVSS6AI score0.09239EPSS
In wildExploits4References3Affected Software1
OSV
OSV
added 2024/04/10 6:30 p.m.41 views

GHSA-37Q5-V5QM-C9V8 Transformers Deserialization of Untrusted Data vulnerability

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

3.4CVSS5.4AI score0.02067EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2024/04/10 6:30 p.m.39 views

Transformers Deserialization of Untrusted Data vulnerability

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

9.6CVSS8.7AI score0.02067EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2024/04/10 5:15 p.m.40 views

CVE-2024-3568

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

9.6CVSS5.3AI score0.02067EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:7 p.m.22 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

3.4CVSS8.5AI score0.02067EPSS
Exploits2References2
CVE
CVE
added 2024/04/10 5:7 p.m.119 views

CVE-2024-3568

The CVE-2024-3568 issue affects the Hugging Face Transformers library, where an unsafe deserialization in TFPreTrainedModel.load_repo_checkpoint() uses pickle.load() on data from untrusted sources, enabling remote code execution via a malicious checkpoint. Documented impact targets Transformers v...

9.6CVSS8.4AI score0.02067EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2024/04/10 5:7 p.m.52 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

3.4CVSS5.6AI score0.02067EPSS
Exploits2References2
OSV
OSV
added 2024/04/10 5:7 p.m.27 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

3.4CVSS6.9AI score0.02067EPSS
Exploits2References4
Veracode
Veracode
added 2023/12/22 6:58 a.m.18 views

Insecure Deserialization

huggingface transformers is vulnerable to Insecure Deserialization. The vulnerability is due to the ability to load arbitrary pickle files from other repos specified by the indexpath while parsing the remote config.json fille. An attacker can exploit this flaw to execute arbitrary code on the...

8.8CVSS7.6AI score0.00921EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/12/20 6:30 p.m.20 views

GHSA-V68G-WM8C-6X7J transformers has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

7.8CVSS7.7AI score0.00727EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/12/20 6:30 p.m.67 views

transformers has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9.6CVSS7.1AI score0.00727EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/12/20 5:15 p.m.22 views

CVE-2023-7018

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9.6CVSS0.00727EPSS
Exploits1References2
PyPA
PyPA
added 2023/12/20 5:15 p.m.6 views

PYSEC-2023-301

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9.6CVSS6.7AI score0.00727EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2023/12/20 5:15 p.m.19 views

Deserialization of untrusted data

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

6.8CVSS7AI score0.00727EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/12/20 5:15 p.m.19 views

PYSEC-2023-301

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

7.8CVSS7.6AI score0.00727EPSS
Exploits1References5
OSV
OSV
added 2023/12/20 4:13 p.m.11 views

CVE-2023-7018 Deserialization of Untrusted Data in huggingface/transformers

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9.6CVSS7.1AI score0.00727EPSS
Exploits1References4
CVE
CVE
added 2023/12/20 4:13 p.m.74 views

CVE-2023-7018

Technical details about CVE-2023-7018 are not publicly disclosed in the provided documents. No affected products/versions or exploit information are included. Monitor for updates from the listed sources and corroborating advisories.

9.6CVSS7.8AI score0.00727EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2023/12/19 1:15 p.m.6 views

PYSEC-2023-300

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9CVSS6.7AI score0.00921EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/12/19 1:15 p.m.22 views

PYSEC-2023-300

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

8.8CVSS8.7AI score0.00921EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/12/19 12:11 p.m.30 views

CVE-2023-6730 Deserialization of Untrusted Data in huggingface/transformers

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...

9CVSS9AI score0.00921EPSS
Exploits1References2
Rows per page
Query Builder