CVE-2023-7018: transformers has a Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
References
- github.com/advisories/GHSA-v68g-wm8c-6x7j
- github.com/huggingface/transformers
- github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce
- github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-301.yaml
- huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c
- nvd.nist.gov/vuln/detail/CVE-2023-7018
Detect and mitigate CVE-2023-7018 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.