Overview
- Description
- The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.
- Source
- security@huntr.dev
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.0
- Type
- Secondary
- Base score
- 3.4
- Impact score
- 1.4
- Exploitability score
- 1.6
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L
- Severity
- LOW
Weaknesses
- security@huntr.dev
- CWE-502
Social media
- Hype score
- Not currently trending