MEDIUM 4.7
PYSEC-2023-299
Details
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.
Affected packages
PyPI / transformers
Introduced in: 0
Fixed in: 80ca92470938bbcc348e2d9cf4734c7c25cb1c43
Fix
pip install --upgrade 'transformers>=4.30.0'
References
- https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43 [FIX]
- https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a [EVIDENCE]
- https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a [FIX]
- https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a [WEB]
- https://github.com/advisories/GHSA-282v-666c-3fvg [ADVISORY]