Vulnerability Database
Blog
FAQ
Docs
PYSEC-2023-301
See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/transformers/PYSEC-2023-301.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2023-301
Aliases
CVE-2023-7018
GHSA-v68g-wm8c-6x7j
Published
2023-12-20T17:15:00Z
Modified
2024-11-21T14:59:28.107154Z
Severity
7.8 (High)
CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Calculator
Summary
[none]
Details
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
References
https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c
https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce
Affected packages
PyPI
/
transformers
Package
Name
transformers
View open source insights on deps.dev
Purl
pkg:pypi/transformers
Affected ranges
Type
GIT
Repo
https://github.com/huggingface/transformers
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Fixed
1d63b0ec361e7a38f1339385e8a5a855085532ce
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
4.36.0
Affected versions
0.*
0.1
2.*
2.0.0
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.4.0
2.4.1
2.5.0
2.5.1
2.6.0
2.7.0
2.8.0
2.9.0
2.9.1
2.10.0
2.11.0
3.*
3.0.0
3.0.1
3.0.2
3.1.0
3.2.0
3.3.0
3.3.1
3.4.0
3.5.0
3.5.1
4.*
4.0.0rc1
4.0.0
4.0.1
4.1.0
4.1.1
4.2.0
4.2.1
4.2.2
4.3.0rc1
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.5.0
4.5.1
4.6.0
4.6.1
4.7.0
4.8.0
4.8.1
4.8.2
4.9.0
4.9.1
4.9.2
4.10.0
4.10.1
4.10.2
4.10.3
4.11.0
4.11.1
4.11.2
4.11.3
4.12.0
4.12.1
4.12.2
4.12.3
4.12.4
4.12.5
4.13.0
4.14.0
4.14.1
4.15.0
4.16.0
4.16.1
4.16.2
4.17.0
4.18.0
4.19.0
4.19.1
4.19.2
4.19.3
4.19.4
4.20.0
4.20.1
4.21.0
4.21.1
4.21.2
4.21.3
4.22.0
4.22.1
4.22.2
4.23.0
4.23.1
4.24.0
4.25.0
4.25.1
4.26.0
4.26.1
4.27.0
4.27.1
4.27.2
4.27.3
4.27.4
4.28.0
4.28.1
4.29.0
4.29.1
4.29.2
4.30.0
4.30.1
4.30.2
4.31.0
4.32.0
4.32.1
4.33.0
4.33.1
4.33.2
4.33.3
4.34.0
4.34.1
4.35.0
4.35.1
4.35.2
PYSEC-2023-301 - OSV