CRITICAL 9.0 PyPI
transformers has a Deserialization of Untrusted Data vulnerability
GHSA-3863-2447-669p · CVE-2023-6730 · PYSEC-2023-300
Description
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.0.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-6730
- WEB https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce
- PACKAGE https://github.com/huggingface/transformers
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-300.yaml
- WEB https://huntr.com/bounties/423611ee-7a2a-442a-babb-3ed2f8385c16