9.6
CVE-2023-7018
- EPSS 0.73%
- Veröffentlicht 20.12.2023 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:45:03
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
LoginDeserialization of Untrusted Data in huggingface/transformers
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Huggingface ≫ Transformers Version < 4.36.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.493 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| security@huntr.dev | 9.6 | 2.8 | 6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce
https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c