The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the load_repo_checkpoint() function of the TFPreTrainedModel() class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload,...
3.4CVSS
9.2AI Score
0.0004EPSS
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to...
9.6CVSS
7.3AI Score
0.001EPSS
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to...
9CVSS
7.3AI Score
0.001EPSS
4.7CVSS
4.8AI Score
0.0004EPSS