CNNVD-202507-655 Information
CNNVD ID
CNNVD-202507-655
Related CVE
- CNNVD Published: 2025-07-07
Description
Hugging Face Transformers is an open-source library from Hugging Face that provides state-of-the-art natural language processing for Jax, PyTorch and TensorFlow. Hugging Face Transformers version 4.49.0 contains a security vulnerability that stems from inefficient complexity of the regular expression in the SETTING_RE variable in transformers/commands/chat.py, which could lead to a regular expression denial of service (ReDoS) attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Hugging Face
Published
2025-07-07
Last Modified
2026-02-24
References
https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76
https://huntr.com/bounties/ecf5ccc4-39e7-4fb3-b547-14a41d31a184
https://access.redhat.com/security/cve/cve-2025-3262
Patch
https://github.com/huggingface/transformers/releases