{"id":"PYSEC-2023-300","details":"Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.","aliases":["CVE-2023-6730","GHSA-3863-2447-669p"],"modified":"2024-11-21T14:56:59.794753Z","published":"2023-12-19T13:15:00Z","references":[{"type":"EVIDENCE","url":"https://huntr.com/bounties/423611ee-7a2a-442a-babb-3ed2f8385c16"},{"type":"FIX","url":"https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce"}],"affected":[{"package":{"name":"transformers","ecosystem":"PyPI","purl":"pkg:pypi/transformers"},"ranges":[{"type":"GIT","repo":"https://github.com/huggingface/transformers","events":[{"introduced":"0"},{"fixed":"1d63b0ec361e7a38f1339385e8a5a855085532ce"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.36.0"}]}],"versions":["0.1","2.0.0","2.1.0","2.1.1","2.10.0","2.11.0","2.2.0","2.2.1","2.2.2","2.3.0","2.4.0","2.4.1","2.5.0","2.5.1","2.6.0","2.7.0","2.8.0","2.9.0","2.9.1","3.0.0","3.0.1","3.0.2","3.1.0","3.2.0","3.3.0","3.3.1","3.4.0","3.5.0","3.5.1","4.0.0","4.0.0rc1","4.0.1","4.1.0","4.1.1","4.10.0","4.10.1","4.10.2","4.10.3","4.11.0","4.11.1","4.11.2","4.11.3","4.12.0","4.12.1","4.12.2","4.12.3","4.12.4","4.12.5","4.13.0","4.14.0","4.14.1","4.15.0","4.16.0","4.16.1","4.16.2","4.17.0","4.18.0","4.19.0","4.19.1","4.19.2","4.19.3","4.19.4","4.2.0","4.2.1","4.2.2","4.20.0","4.20.1","4.21.0","4.21.1","4.21.2","4.21.3","4.22.0","4.22.1","4.22.2","4.23.0","4.23.1","4.24.0","4.25.0","4.25.1","4.26.0","4.26.1","4.27.0","4.27.1","4.27.2","4.27.3","4.27.4","4.28.0","4.28.1","4.29.0","4.29.1","4.29.2","4.3.0","4.3.0rc1","4.3.1","4.3.2","4.3.3","4.30.0","4.30.1","4.30.2","4.31.0","4.32.0","4.32.1","4.33.0","4.33.1","4.33.2","4.33.3","4.34.0","4.34.1","4.35.0","4.35.1","4.35.2","4.4.0","4.4.1","4.4.2","4.5.0","4.5.1","4.6.0","4.6.1","4.7.0","4.8.0","4.8.1","4.8.2","4.9.0","4.9.1","4.9.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/transformers/PYSEC-2023-300.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}