Deserialization of Untrusted Data in huggingface/transformers
CVE-2023-6730
9CRITICAL
What is CVE-2023-6730?
A vulnerability exists in the Hugging Face Transformers library that allows for deserialization of untrusted data. This can potentially allow an attacker to execute arbitrary code or manipulate application behavior when maliciously crafted data is processed. Developers using versions prior to 4.36 should review their implementation to safeguard against this risk, ensuring improved data validation methodologies.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
huggingface/transformers < 4.36
References
CVSS V3.1
Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved