
7 matches found

Veracode
added 2024/04/12 9:8 a.m. | 17 views

Arbitrary Code Execution

transformers is vulnerable to Arbitrary Code Execution. This vulnerability is due to the deserialization of untrusted data within the load_repo_checkpoint function in the TFPreTrainedModel class, where attackers can exploit the use of pickle.load on data from potentially untrusted sources to execut...

CVSS 3.4 | AI score 8.2 | EPSS 0.24427
Exploits 2 | References 4 | Affected Software 1

GitHub Security Blog
added 2024/04/10 6:30 p.m. | 26 views

Transformers Deserialization of Untrusted Data vulnerability

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

CVSS 9.6 | AI score 8.7 | EPSS 0.24427
Exploits 2 | References 4 | Affected Software 1

OSV
added 2024/04/10 6:30 p.m. | 39 views

GHSA-37Q5-V5QM-C9V8 Transformers Deserialization of Untrusted Data vulnerability

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

CVSS 3.4 | AI score 5.4 | EPSS 0.24427
Exploits 2 | References 4

NVD
added 2024/04/10 5:15 p.m. | 16 views

CVE-2024-3568

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

CVSS 9.6 | AI score 5.3 | EPSS 0.24427
Exploits 2 | References 2

Cvelist
added 2024/04/10 5:7 p.m. | 21 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

CVSS 3.4 | AI score 5.6 | EPSS 0.24427
Exploits 2 | References 2

CVE
added 2024/04/10 5:7 p.m. | 99 views

CVE-2024-3568

The CVE-2024-3568 issue affects the Hugging Face Transformers library, where an unsafe deserialization in TFPreTrainedModel.load_repo_checkpoint() uses pickle.load() on data from untrusted sources, enabling remote code execution via a malicious checkpoint. Documented impact targets Transformers v...

CVSS 9.6 | AI score 8.4 | EPSS 0.24427
Exploits 2 | References 2 | Affected Software 1

Vulnrichment
added 2024/04/10 5:7 p.m. | 20 views

CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...

CVSS 3.4 | AI score 8.5 | EPSS 0.24427
Exploits 2 | References 2