CNNVD-202507-658 Information

CNNVD ID

CNNVD-202507-658

CVE-2025-3264

  • CNNVD Published: 2025-07-07

Description

Hugging Face Transformers is an open-source library from Hugging Face that provides state-of-the-art natural language processing for Jax, PyTorch and TensorFlow. Hugging Face Transformers version 4.49.0 contains a security vulnerability, which stems from inefficient complexity of the regular expression in the get_imports function in dynamic_module_utils.py and may lead to a regular expression denial-of-service (ReDoS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Hugging Face

Published

2025-07-07

Last Modified

2026-02-24

References

  • https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76
  • https://huntr.com/bounties/3c6f7822-9992-476d-8cf0-b0b1623427df
  • https://access.redhat.com/security/cve/cve-2025-3264

Patch

https://github.com/huggingface/transformers/releases
