HIGH 7.8
PYSEC-2023-301
Details
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
Affected packages
PyPI / transformers
Introduced in: 0
Fixed in: 1d63b0ec361e7a38f1339385e8a5a855085532ce
Fix
pip install --upgrade 'transformers>=4.36'
References
- https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c [EVIDENCE]
- https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c [FIX]
- https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c [WEB]
- https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce [FIX]
- https://github.com/advisories/GHSA-v68g-wm8c-6x7j [ADVISORY]