PT-2024-26627 · Hugging Face · Huggingface/Transformers
Name of the Vulnerable Software and Affected Versions:
huggingface/transformers (affected versions not specified)

Description:
The issue allows for arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint() function of the TFPreTrainedModel class. Attackers c...