CNNVD-202509-1814 Information
CNNVD ID
CNNVD-202509-1814
Related CVE
- CNNVD Published: 2025-09-12
Description
Hugging Face Transformers is Hugging Face's open-source library of state-of-the-art natural language processing for Jax, PyTorch and TensorFlow. Hugging Face Transformers version 4.52.4 contains a security vulnerability that stems from inefficient regular expression processing in the remove_language_code method of MarianTokenizer, which may lead to regular expression denial of service (ReDoS).
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Hugging Face
Published
2025-09-12
Last Modified
2026-02-24
References
https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be
https://huntr.com/bounties/6a6c933f-9ce8-4ded-8b3b-2c1444c61f36
Patch
https://github.com/huggingface/transformers/releases