Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.
4.7CVSS
4.6AI Score
0.0004EPSS
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
8.8CVSS
8.7AI Score
0.001EPSS
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
7.8CVSS
7.7AI Score
0.001EPSS
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint() function of the TFPreTrainedModel() class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploit...
3.4CVSS
8.4AI Score
0.0004EPSS