transformers@4.37.0 vulnerabilities

State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

latest version

4.40.2
latest non vulnerable version

4.40.2
first published

8 years ago
latest version published

11 days ago
licenses detected
- Apache-2.0
  [2.0.0,)
View transformers package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the transformers package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Deserialization of Untrusted Data transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `load_repo_checkpoint` function of the `TFPreTrainedModel` class. An attacker can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load` on data from potentially untrusted sources. This vulnerability allows for remote code execution by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. Note: Even if the function calls `pickle.load()`, which permits remote code execution from an untrusted repo, this function was essentially deprecated and unused code that is not called in any standard workflow, so the attacker would have to induce the user to call this unusual function in addition to preparing a repo with a malicious payload. How to fix Deserialization of Untrusted Data? Upgrade `transformers` to version 4.38.0 or higher.	[,4.38.0)

Deserialization of Untrusted Data

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load_repo_checkpoint function of the TFPreTrainedModel class. An attacker can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of pickle.load on data from potentially untrusted sources. This vulnerability allows for remote code execution by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.

Note:

Even if the function calls pickle.load(), which permits remote code execution from an untrusted repo, this function was essentially deprecated and unused code that is not called in any standard workflow, so the attacker would have to induce the user to call this unusual function in addition to preparing a repo with a malicious payload.

How to fix Deserialization of Untrusted Data?

Upgrade transformers to version 4.38.0 or higher.

[,4.38.0)

Go back to all versions of this package

transformers@4.37.0 vulnerabilities

State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities