transformers@4.2.0 vulnerabilities

State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Direct Vulnerabilities

Known vulnerabilities in the transformers package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • L
Deserialization of Untrusted Data

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load_repo_checkpoint function of the TFPreTrainedModel class. An attacker can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of pickle.load on data from potentially untrusted sources. This vulnerability allows for remote code execution by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.

Note:

Even if the function calls pickle.load(), which permits remote code execution from an untrusted repo, this function was essentially deprecated and unused code that is not called in any standard workflow, so the attacker would have to induce the user to call this unusual function in addition to preparing a repo with a malicious payload.

How to fix Deserialization of Untrusted Data?

Upgrade transformers to version 4.38.0 or higher.

[,4.38.0)
  • M
Command Injection

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Command Injection via the subprocess.Popen calls. This could potentially allow for the execution of arbitrary code.

Note: It appears that while this issue is generally not critical for the library's primary use cases, it can become more significant in specific production environments. Particularly in scenarios where the library interacts with user-generated input, such as in web application backends, desktop applications, and cloud-based ML services, the risk of arbitrary code execution increases.

How to fix Command Injection?

Upgrade transformers to version 4.37.0 or higher.

[,4.37.0)
  • C
Deserialization of Untrusted Data

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the index_name and index_path parameters to the RagRetriever.from_pretrained() function. These can be used to load malicious pickle files remotely, bypassing file checks to execute code on the host.

How to fix Deserialization of Untrusted Data?

Upgrade transformers to version 4.36.0 or higher.

[,4.36.0)
  • H
Deserialization of Untrusted Data

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the TransfoXLTokenizer() function, which can be called on a malicious vocab.pkl automatically. An attacker can bypass the import blacklist and other checks to cause such a file to be naively loaded via pickle.load in 3rd party users of an infected model.

How to fix Deserialization of Untrusted Data?

Upgrade transformers to version 4.36.0 or higher.

[,4.36.0)
  • M
Insecure Temporary File

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Insecure Temporary File due to using the deprecated tempfile.mktemp() function which is not secure because a different process may create a file with this name in the time between the call to mktemp() and the subsequent attempt to create the file by the first process.

How to fix Insecure Temporary File?

Upgrade transformers to version 4.30.0 or higher.

[0,4.30.0)
  • M
Open Redirect

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Open Redirect due to referencing an obsolete link.

How to fix Open Redirect?

Upgrade transformers to version 4.23.0 or higher.

[,4.23.0)