GHSA-PHHR-52QP-3MJ4 Transformers's Improper Input Validation vulnerability can be exploited through username injection
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the imageutils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...