VDB
EN
MEDIUM 5.3

PYSEC-2026-1982

Transformers Regular Expression Denial of Service (ReDoS) vulnerability

상세

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / transformers
최초 영향 버전: 0 수정 버전: 4.48.0
수정 pip install --upgrade 'transformers>=4.48.0'

참고