AI Threat Alert

CVE-2023-6730

GHSA-3863-2447-669p HIGH
Published December 19, 2023

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
transformers pip < 4.36.0 4.36.0
transformers pip No patch

Severity & Risk

CVSS 3.1
8.8 / 10
EPSS
0.2%
chance of exploitation in 30 days
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

Patch available

Update transformers to version 4.36.0

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

Weaknesses (CWE)

CWE-502 Deserialization of Untrusted Data Primary CWE-502

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Timeline

Published
December 19, 2023
Last Modified
November 22, 2024
First Seen
December 19, 2023
Back to Threat Feed