Veracode Vulnerability Database: VERACODE:46379
History: Apr 12, 2024 - 9:08 a.m.

Arbitrary Code Execution

2024-04-12 09:08:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: arbitrary code execution, transformers, deserialization, load_repo_checkpoint, tfpretrainedmodel, pickle.load, untrusted sources

CVSS3: 3.4
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

AI Score: 8.2
Confidence: Low
EPSS: 0
Percentile: 9.0%

transformers is vulnerable to Arbitrary Code Execution. This vulnerability is due to the deserialization of untrusted data within the load_repo_checkpoint() function in the TFPreTrainedModel() class, where attackers can exploit the use of pickle.load() on data from potentially untrusted sources to execute arbitrary code and commands.
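The root cause above is that pickle.load() imports and calls whatever module.attribute the stream names, so a checkpoint file fetched from an untrusted source is effectively executable. The following is an added example, not code from transformers, of the defensive counterpart a checkpoint loader can apply: a restricted unpickler whose find_class() rejects any global outside an allowlist. It assumes a checkpoint that is a plain mapping of names to Python numbers; the sample blobs are constructed here for illustration.

```python
import io
import pickle
import datetime
from collections import OrderedDict

# Allowlist of (module, name) pairs the loader may resolve. Assumption for
# this example: checkpoints are a mapping of names to plain Python values.
# A real TF/Keras loader would need its own, carefully reviewed, entries.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not explicitly allowed.

    Every GLOBAL/STACK_GLOBAL opcode in a pickle stream goes through
    find_class(); overriding it is the single choke point that stops an
    untrusted stream from reaching arbitrary importable callables.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from untrusted checkpoint"
        )


def load_checkpoint(data: bytes):
    """Return (ok, payload_or_reason) for a checkpoint blob of unknown origin."""
    try:
        obj = RestrictedUnpickler(io.BytesIO(data)).load()
    except (pickle.UnpicklingError, EOFError, ValueError) as exc:
        return False, str(exc)
    # Also pin the expected shape of the result, not just the globals used.
    if not isinstance(obj, (dict, OrderedDict)):
        return False, f"unexpected top-level type {type(obj).__name__}"
    return True, obj


# Constructed sample inputs (not taken from the advisory).
BENIGN_CHECKPOINT = pickle.dumps(
    OrderedDict([("layer.weight", [0.1, 0.2]), ("epoch", 3)])
)
# References a class outside the allowlist. Harmless in itself, but the loader
# cannot distinguish harmless from hostile globals, so it must refuse.
UNLISTED_GLOBAL = pickle.dumps(datetime.date(2024, 4, 12))
NOT_A_MAPPING = pickle.dumps([1, 2])
```

Allowlisting only narrows which callables a stream may invoke; storing weights in a format that carries no code at all (such as safetensors) removes the deserialization step entirely.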
