pysec-2023-300
Vulnerability from pysec
Published
2023-12-19 13:15
Modified
2024-11-21 14:23
Severity ?
Details
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
Aliases
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "transformers", "purl": "pkg:pypi/transformers" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1d63b0ec361e7a38f1339385e8a5a855085532ce" } ], "repo": "https://github.com/huggingface/transformers", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "4.36.0" } ], "type": "ECOSYSTEM" } ], "versions": [ "0.1", "2.0.0", "2.1.0", "2.1.1", "2.10.0", "2.11.0", "2.2.0", "2.2.1", "2.2.2", "2.3.0", "2.4.0", "2.4.1", "2.5.0", "2.5.1", "2.6.0", "2.7.0", "2.8.0", "2.9.0", "2.9.1", "3.0.0", "3.0.1", "3.0.2", "3.1.0", "3.2.0", "3.3.0", "3.3.1", "3.4.0", "3.5.0", "3.5.1", "4.0.0", "4.0.0rc1", "4.0.1", "4.1.0", "4.1.1", "4.10.0", "4.10.1", "4.10.2", "4.10.3", "4.11.0", "4.11.1", "4.11.2", "4.11.3", "4.12.0", "4.12.1", "4.12.2", "4.12.3", "4.12.4", "4.12.5", "4.13.0", "4.14.0", "4.14.1", "4.15.0", "4.16.0", "4.16.1", "4.16.2", "4.17.0", "4.18.0", "4.19.0", "4.19.1", "4.19.2", "4.19.3", "4.19.4", "4.2.0", "4.2.1", "4.2.2", "4.20.0", "4.20.1", "4.21.0", "4.21.1", "4.21.2", "4.21.3", "4.22.0", "4.22.1", "4.22.2", "4.23.0", "4.23.1", "4.24.0", "4.25.0", "4.25.1", "4.26.0", "4.26.1", "4.27.0", "4.27.1", "4.27.2", "4.27.3", "4.27.4", "4.28.0", "4.28.1", "4.29.0", "4.29.1", "4.29.2", "4.3.0", "4.3.0rc1", "4.3.1", "4.3.2", "4.3.3", "4.30.0", "4.30.1", "4.30.2", "4.31.0", "4.32.0", "4.32.1", "4.33.0", "4.33.1", "4.33.2", "4.33.3", "4.34.0", "4.34.1", "4.35.0", "4.35.1", "4.35.2", "4.4.0", "4.4.1", "4.4.2", "4.5.0", "4.5.1", "4.6.0", "4.6.1", "4.7.0", "4.8.0", "4.8.1", "4.8.2", "4.9.0", "4.9.1", "4.9.2" ] } ], "aliases": [ "CVE-2023-6730" ], "details": "Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.", "id": "PYSEC-2023-300", "modified": "2024-11-21T14:23:01.871022+00:00", "published": "2023-12-19T13:15:00+00:00", "references": [ { "type": "EVIDENCE", "url": "https://huntr.com/bounties/423611ee-7a2a-442a-babb-3ed2f8385c16" }, { "type": "FIX", "url": "https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.