CVE-2023-2800: transformers has Insecure Temporary File
(updated )
Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.
References
- github.com/advisories/GHSA-282v-666c-3fvg
- github.com/huggingface/transformers
- github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43
- github.com/huggingface/transformers/pull/23372
- github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-299.yaml
- huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a
- nvd.nist.gov/vuln/detail/CVE-2023-2800
Detect and mitigate CVE-2023-2800 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →