CVE-2023-2800: Insecure Temporary File

May 18, 2023 (updated May 26, 2023)

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

References

github.com/advisories/GHSA-282v-666c-3fvg
github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43
huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a
nvd.nist.gov/vuln/detail/CVE-2023-2800

Detect and mitigate CVE-2023-2800 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →