{"id":"PYSEC-2023-299","details":"Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.","aliases":["CVE-2023-2800","GHSA-282v-666c-3fvg"],"modified":"2024-11-21T14:57:00.339656Z","published":"2023-05-18T17:15:00Z","references":[{"type":"FIX","url":"https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43"},{"type":"WEB","url":"https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a"}],"affected":[{"package":{"name":"transformers","ecosystem":"PyPI","purl":"pkg:pypi/transformers"},"ranges":[{"type":"GIT","repo":"https://github.com/huggingface/transformers","events":[{"introduced":"0"},{"fixed":"80ca92470938bbcc348e2d9cf4734c7c25cb1c43"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.30.0"}]}],"versions":["0.1","2.0.0","2.1.0","2.1.1","2.10.0","2.11.0","2.2.0","2.2.1","2.2.2","2.3.0","2.4.0","2.4.1","2.5.0","2.5.1","2.6.0","2.7.0","2.8.0","2.9.0","2.9.1","3.0.0","3.0.1","3.0.2","3.1.0","3.2.0","3.3.0","3.3.1","3.4.0","3.5.0","3.5.1","4.0.0","4.0.0rc1","4.0.1","4.1.0","4.1.1","4.10.0","4.10.1","4.10.2","4.10.3","4.11.0","4.11.1","4.11.2","4.11.3","4.12.0","4.12.1","4.12.2","4.12.3","4.12.4","4.12.5","4.13.0","4.14.0","4.14.1","4.15.0","4.16.0","4.16.1","4.16.2","4.17.0","4.18.0","4.19.0","4.19.1","4.19.2","4.19.3","4.19.4","4.2.0","4.2.1","4.2.2","4.20.0","4.20.1","4.21.0","4.21.1","4.21.2","4.21.3","4.22.0","4.22.1","4.22.2","4.23.0","4.23.1","4.24.0","4.25.0","4.25.1","4.26.0","4.26.1","4.27.0","4.27.1","4.27.2","4.27.3","4.27.4","4.28.0","4.28.1","4.29.0","4.29.1","4.29.2","4.3.0","4.3.0rc1","4.3.1","4.3.2","4.3.3","4.4.0","4.4.1","4.4.2","4.5.0","4.5.1","4.6.0","4.6.1","4.7.0","4.8.0","4.8.1","4.8.2","4.9.0","4.9.1","4.9.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/transformers/PYSEC-2023-299.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}