CNNVD-202507-662 Information
CNNVD ID
CNNVD-202507-662
Related CVE
-
CNNVD Published: 2025-07-07
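Description (translated from Chinese)
Hugging Face Transformers is Hugging Face's open-source, state-of-the-art natural language processing library for Jax, PyTorch and TensorFlow. Hugging Face Transformers 4.49.0 and earlier contain an input validation error vulnerability, which stems from insufficient URL validation in image_utils.py and may lead to phishing attacks.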
Description (English)
Hugging Face Transformers is an open-source, state-of-the-art natural language processing library from Hugging Face for Jax, PyTorch and TensorFlow. Hugging Face Transformers 4.49.0 and previous versions have an input validation error that stems from inadequate validation of URLs in image_utils.py and could lead to phishing attacks.
Hazard Level
Critical
Vulnerability Type
Input validation error
Affected Vendor
Hugging Face
Published
2025-07-07
Last Modified
2026-02-24
References
https://github.com/huggingface/transformers/commit/4dda5f71b35fb70cf602187eef84bb17a50b9082
https://huntr.com/bounties/ccba0730-9248-4853-b7ff-5c20e6364f09
https://access.redhat.com/security/cve/cve-2025-3777
Patch
https://github.com/huggingface/transformers/releases