transformers@4.50.3 vulnerabilities

State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow

  • latest version: 4.57.3

  • latest non vulnerable version

  • first published: 9 years ago

  • latest version published: 19 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the transformers package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability (severity: M = Medium) / Vulnerable Version
    • [M] Regular Expression Denial of Service (ReDoS)

    transformers is a state-of-the-art machine learning library for JAX, PyTorch and TensorFlow.

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the _do_use_weight_decay function. An attacker can cause excessive CPU consumption and make services unresponsive by supplying malicious regular expressions in the include_in_weight_decay or exclude_from_weight_decay lists.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade transformers to version 4.53.0 or higher.

    Vulnerable versions: [,4.53.0)
    • [M] Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the normalize_numbers function of the EnglishNormalizer class. An attacker can cause excessive CPU consumption and disrupt service availability by submitting specially crafted input strings with long sequences of digits.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade transformers to version 4.53.0 or higher.

    Vulnerable versions: [,4.53.0)
    • [M] Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the remove_language_code function in the MarianTokenizer class, when handling malformed language code patterns. An attacker can cause excessive CPU consumption and disrupt service availability by submitting specially crafted input strings.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade transformers to version 4.53.0 or higher.

    Vulnerable versions: [,4.53.0)
    • [M] Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the convert_tf_weight_name_to_pt_weight_name function. An attacker can cause excessive CPU consumption and disrupt service availability by supplying specially crafted input strings that trigger catastrophic backtracking in the regular expression.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade transformers to version 4.53.0 or higher.

    Vulnerable versions: [,4.53.0)
    • [M] Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the token2json function in the processing_donut module. An attacker can cause high CPU usage and potential application downtime by providing a specially crafted payload.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade transformers to version 4.52.0 or higher.

    Vulnerable versions: [0,4.52.0)
    • [M] Improper Validation of Syntactic Correctness of Input

    Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via improper handling of user-supplied URLs by using the startswith() method in image_utils.py. An attacker can cause an application to display a seemingly legitimate YouTube link that actually redirects users to a malicious domain by supplying crafted input.

    How to fix Improper Validation of Syntactic Correctness of Input?

    Upgrade transformers to version 4.52.0 or higher.

    Vulnerable versions: [0,4.52.0)
    • [M] Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the get_configuration_file() function in the transformers.configuration_utils module. An attacker can cause the application to become unresponsive or crash by supplying specially crafted input that triggers excessive backtracking.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade transformers to version 4.51.0 or higher.

    Vulnerable versions: [4.49.0,4.51.0)
    • [M] Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the get_imports() function in dynamic_module_utils.py. An attacker can cause excessive resource consumption by supplying crafted input that triggers inefficient regular expression processing.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade transformers to version 4.51.0 or higher.

    Vulnerable versions: [4.49.0,4.51.0)
    • [M] Regular Expression Denial of Service (ReDoS)

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the SETTING_RE regular expression in /commands/chat.py. An attacker can cause significant performance degradation and application downtime by submitting specially crafted input strings that trigger excessive backtracking.

    How to fix Regular Expression Denial of Service (ReDoS)?

    Upgrade transformers to version 4.51.0 or higher.

    Vulnerable versions: [4.49.0,4.51.0)