CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L
AI Score Confidence: Low
EPSS Percentile: 9.0%
transformers is vulnerable to Arbitrary Code Execution. The vulnerability is due to the deserialization of untrusted data in the load_repo_checkpoint() function of the TFPreTrainedModel class, which calls pickle.load() on data from potentially untrusted sources, allowing attackers to execute arbitrary code and commands.
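One way to load pickled checkpoint metadata without letting the stream import arbitrary objects is Python's documented "restricting globals" pattern, shown here as an added example that is not the transformers project's code or its fix. The names AllowlistUnpickler, safe_loads and check are hypothetical, and the sample inputs are constructed.

```python
import collections
import io
import pickle


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only explicitly allowlisted globals."""

    def __init__(self, file, allowed=frozenset()):
        super().__init__(file)
        self._allowed = frozenset(allowed)

    def find_class(self, module, name):
        # Called for every GLOBAL/STACK_GLOBAL opcode, i.e. each time the
        # stream asks the interpreter to import a class or function.
        if (module, name) not in self._allowed:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(raw, allowed=frozenset()):
    """Unpickle raw bytes; any global outside `allowed` aborts the load."""
    return AllowlistUnpickler(io.BytesIO(raw), allowed).load()


def check(raw, allowed=frozenset()):
    """Return (True, value) on success or (False, reason) on refusal."""
    try:
        return True, safe_loads(raw, allowed)
    except (pickle.UnpicklingError, EOFError) as exc:
        return False, str(exc)


# Constructed sample inputs (not taken from any real checkpoint).
# PLAIN holds only built-in containers and scalars, so it needs no globals.
PLAIN = pickle.dumps({"epoch": 3, "lr_history": [0.1, 0.05]})
# WITH_GLOBAL references a harmless class, which still requires an import.
WITH_GLOBAL = pickle.dumps(collections.OrderedDict(epoch=3))

if __name__ == "__main__":
    print(check(PLAIN))
    print(check(WITH_GLOBAL))
    print(check(WITH_GLOBAL, {("collections", "OrderedDict")}))
```

With an empty allowlist the loader accepts only plain containers and scalars; each entry added to the allowlist widens what a hostile file can reach, so keep it to types the checkpoint format actually needs.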
github.com/advisories/GHSA-37q5-v5qm-c9v8
github.com/huggingface/transformers/blob/3d2900e829ab16757632f9dde891f1947cfc4be0/src/transformers/modeling_tf_utils.py#L1401
github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125
huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f