Vulnerabilities > CVE-2023-7018 - Deserialization of Untrusted Data vulnerability in Huggingface Transformers

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huggingface

CWE-502

NVD

Published: 2023-12-20

Updated: 2023-12-30

Summary

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

Vulnerable Configurations

Part	Description	Count
Application	Huggingface Huggingface Transformers 0.1.2 Huggingface Transformers 0.2.0 Huggingface Transformers 0.3.0 Huggingface Transformers 0.4.0 Huggingface Transformers 0.5.0 Huggingface Transformers 0.5.1 Huggingface Transformers 0.6.0 Huggingface Transformers 0.6.1 Huggingface Transformers 0.6.2 Huggingface Transformers 1.0.0 Huggingface Transformers 1.1.0 Huggingface Transformers 1.2.0 Huggingface Transformers 2.0.0 Huggingface Transformers 2.1.0 Huggingface Transformers 2.1.1 Huggingface Transformers 2.2.0 Huggingface Transformers 2.2.1 Huggingface Transformers 2.2.2 Huggingface Transformers 2.3.0 Huggingface Transformers 2.4.0 Huggingface Transformers 2.4.1 Huggingface Transformers 2.5.0 Huggingface Transformers 2.5.1 Huggingface Transformers 2.6.0 Huggingface Transformers 2.7.0 Huggingface Transformers 2.8.0 Huggingface Transformers 2.9.0 Huggingface Transformers 2.9.1 Huggingface Transformers 2.10.0 Huggingface Transformers 2.11.0 Huggingface Transformers 3.0.0 Huggingface Transformers 3.0.1 Huggingface Transformers 3.0.2 Huggingface Transformers 3.1.0 Huggingface Transformers 3.2.0 Huggingface Transformers 3.3.0 Huggingface Transformers 3.3.1 Huggingface Transformers 3.4.0 Huggingface Transformers 3.5.0 Huggingface Transformers 3.5.1 Huggingface Transformers 4.0.0 Huggingface Transformers 4.0.1 Huggingface Transformers 4.1.0 Huggingface Transformers 4.1.1 Huggingface Transformers 4.2.0 Huggingface Transformers 4.2.1 Huggingface Transformers 4.2.2 Huggingface Transformers 4.3.0 Huggingface Transformers 4.3.1 Huggingface Transformers 4.3.2 Huggingface Transformers 4.3.3 Huggingface Transformers 4.4.0 Huggingface Transformers 4.4.1 Huggingface Transformers 4.4.2 Huggingface Transformers 4.5.0 Huggingface Transformers 4.5.1 Huggingface Transformers 4.6.0 Huggingface Transformers 4.6.1 Huggingface Transformers 4.7.0 Huggingface Transformers 4.8.0 Huggingface Transformers 4.8.1 Huggingface Transformers 4.8.2 Huggingface Transformers 4.9.0 Huggingface Transformers 4.9.1 Huggingface Transformers 4.9.2 Huggingface Transformers 4.10.0 Huggingface Transformers 4.10.1 Huggingface Transformers 4.10.2 Huggingface Transformers 4.10.3 Huggingface Transformers 4.11.0 Huggingface Transformers 4.11.1 Huggingface Transformers 4.11.2 Huggingface Transformers 4.11.3 Huggingface Transformers 4.12.0 Huggingface Transformers 4.12.1 Huggingface Transformers 4.12.2 Huggingface Transformers 4.12.3 Huggingface Transformers 4.12.4 Huggingface Transformers 4.12.5 Huggingface Transformers 4.13.0 Huggingface Transformers 4.14.0 Huggingface Transformers 4.14.1 Huggingface Transformers 4.15.0 Huggingface Transformers 4.16.0 Huggingface Transformers 4.16.1 Huggingface Transformers 4.16.2 Huggingface Transformers 4.17.0 Huggingface Transformers 4.18.0 Huggingface Transformers 4.19.0 Huggingface Transformers 4.19.1 Huggingface Transformers 4.19.2 Huggingface Transformers 4.19.3 Huggingface Transformers 4.19.4 Huggingface Transformers 4.20.0 Huggingface Transformers 4.20.1 Huggingface Transformers 4.21.0 Huggingface Transformers 4.21.1 Huggingface Transformers 4.21.2 Huggingface Transformers 4.21.3 Huggingface Transformers 4.22.0 Huggingface Transformers 4.22.1 Huggingface Transformers 4.22.2 Huggingface Transformers 4.23.0 Huggingface Transformers 4.23.1 Huggingface Transformers 4.24.0 Huggingface Transformers 4.25.1 Huggingface Transformers 4.26.0 Huggingface Transformers 4.26.1 Huggingface Transformers 4.27.0 Huggingface Transformers 4.27.1 Huggingface Transformers 4.27.2 Huggingface Transformers 4.27.3 Huggingface Transformers 4.27.4 Huggingface Transformers 4.28.0 Huggingface Transformers 4.28.1 Huggingface Transformers 4.29.0 Huggingface Transformers 4.29.1 Huggingface Transformers 4.29.2 Huggingface Transformers 4.30.0 Huggingface Transformers 4.30.1 Huggingface Transformers 4.30.2 Huggingface Transformers 4.31.0 Huggingface Transformers 4.32.0 Huggingface Transformers 4.32.1 Huggingface Transformers 4.33.0 Huggingface Transformers 4.33.1 Huggingface Transformers 4.33.2 Huggingface Transformers 4.33.3 Huggingface Transformers 4.34.0 Huggingface Transformers 4.34.1 Huggingface Transformers 4.35.0 Huggingface Transformers 4.35.1 Huggingface Transformers 4.35.2	135

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References