transformers@4.42.3 vulnerabilities

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the normalize_numbers function of the EnglishNormalizer class. An attacker can cause excessive CPU consumption and disrupt service availability by submitting specially crafted input strings with long sequences of digits.

Upgrade transformers to version 4.53.0 or higher.

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the remove_language_code function in the MarianTokenizer class, when handling malformed language code patterns. An attacker can cause excessive CPU consumption and disrupt service availability by submitting specially crafted input strings.

Upgrade transformers to version 4.53.0 or higher.

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the convert_tf_weight_name_to_pt_weight_name function. An attacker can cause excessive CPU consumption and disrupt service availability by supplying specially crafted input strings that trigger catastrophic backtracking in the regular expression.

Upgrade transformers to version 4.53.0 or higher.

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the token2json function in the processing_donut module. An attacker can cause high CPU usage and potential application downtime by providing a specially crafted payload.

Upgrade transformers to version 4.52.0 or higher.

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via improper handling of user-supplied URLs by using the startswith() method in image_utils.py. An attacker can cause an application to display a seemingly legitimate YouTube link that actually redirects users to a malicious domain by supplying crafted input.

Upgrade transformers to version 4.52.0 or higher.

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocess_string function in the transformers.testing_utils module. An attacker can cause high CPU usage and potential application downtime by providing a specially crafted payload.

Upgrade transformers to version 4.50.0 or higher.

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the tokenization_gpt_neox_japanese.py file, within the SubWordJapaneseTokenizer class. The regex is designed to match Japanese price expressions, but because many of its components are optional (?, *), it matches overly broad patterns and exhibits exponential backtracking behavior on crafted inputs which can lead to high CPU usage.

Upgrade transformers to version 4.50.0 or higher.

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the post_process_single function. An attacker can cause high CPU usage and potential application downtime by supplying specially crafted input that triggers excessive backtracking in the regex processing.

Upgrade transformers to version 4.48.0 or higher.

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the parsing of model files, due to the lack of proper validation of user-supplied data. This is only exploitable if the target visits a malicious page or opens a malicious MaskFormer model file.

Note: The maintainers of this package are not addressing this vulnerability as it is limited to accessory conversion scripts and does not impact core library functions. The need for the attacker to provide a malicious model file which is then converted using the relevant script is considered an unrealistic attack vector. Since mitigation would require the complete removal of these scripts, the issue is not expected to be fixed.

Update: Although still included in the source code, the conversion scripts have been removed from the package's distributable wheels as of version 4.48.0.

Upgrade transformers to version 4.48.0 or higher.

transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the handling of configuration files. This is only exploitable if the target visits a malicious page or opens a malicious MobileViTV2 config file.

Note: The maintainers of this package are not addressing this vulnerability as it is limited to accessory conversion scripts and does not impact core library functions. The need for the attacker to provide a malicious model file which is then converted using the relevant script is considered an unrealistic attack vector. Since mitigation would require the complete removal of these scripts, the issue is not expected to be fixed.

Update: Although still included in the source code, the conversion scripts have been removed from the package's distributable wheels as of version 4.48.0.

Upgrade transformers to version 4.48.0 or higher.