CNNVD-202507-660 Information
CNNVD ID
CNNVD-202507-660
Related CVE
- CNNVD Published: 2025-07-07
Description
Hugging Face Transformers is Hugging Face's open-source library of state-of-the-art natural language processing for Jax, PyTorch and TensorFlow. Version 4.49.0 of Hugging Face Transformers contains a security vulnerability that stems from inefficient regular expression complexity in the get_configuration_file function of the transformers.configuration_utils module, which may lead to a regular expression denial of service (ReDoS) attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Hugging Face
Published
2025-07-07
Last Modified
2026-02-24
References
https://github.com/huggingface/transformers/commit/0720e206c6ba28887e4d60ef60a6a089f6c1cc76
https://huntr.com/bounties/c7a69150-54f8-4e81-8094-791e7a2a0f29
https://access.redhat.com/security/cve/cve-2025-3263
Patch
https://github.com/huggingface/transformers/releases