CNNVD-202507-1636 Information
CNNVD ID
CNNVD-202507-1636
Related CVE
- CNNVD Published: 2025-07-11
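Description (translated from Chinese)
Hugging Face Transformers is an open-source library from Hugging Face that provides state-of-the-art natural language processing for Jax, PyTorch and TensorFlow. Hugging Face Transformers 4.50.3 and earlier versions contain a security vulnerability that stems from a regular expression denial of service in the token2json method of the DonutProcessor class, which may lead to service disruption.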
Description (English)
Hugging Face Transformers is Hugging Face's open-source, state-of-the-art natural language processing library for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers 4.50.3 and earlier versions. It stems from the token2json method of the DonutProcessor class, which is subject to regular expression denial of service (ReDoS) and may lead to service disruption.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Hugging Face
Published
2025-07-11
Last Modified
2026-02-24
References
https://github.com/huggingface/transformers/commit/ebbe9b12dd75b69f92100d684c47f923ee262a93
https://huntr.com/bounties/25282953-5827-4384-bb6f-5790d275721b
Patch
https://github.com/huggingface/transformers/releases