Deserialization of Untrusted Data in huggingface/transformers
CVE-2023-7018

9.6CRITICAL

Key Information:

Vendor: huggingface
Status: huggingface/transformers
Vendor: CVE Published:; 20 December 2023

🔔 Create huggingface Vulnerability Alert

What is CVE-2023-7018?

A security issue exists in the Hugging Face Transformers library where untrusted data can be deserialized, potentially leading to adverse impacts on application security. This vulnerability could be exploited to manipulate data and execute unauthorized actions, emphasizing the importance of using updated versions to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

huggingface/transformers < 4.36

References

https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee621...

https://github.com/huggingface/transformers/commit/1d63b0...

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Dec 20, 2023

JSON

huggingface

What is CVE-2023-7018?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.