CNNVD-202509-1851 Information

CNNVD ID

CNNVD-202509-1851

CVE-2025-6051

  • CNNVD Published: 2025-09-14

Description

Hugging Face Transformers is Hugging Face's open-source, state-of-the-art natural language processing library for Jax, PyTorch and TensorFlow. Hugging Face Transformers 4.52.4 and earlier versions contain a security vulnerability. It stems from improper handling of numeric strings in the normalize_numbers method of the EnglishNormalizer class, which may lead to a regular expression denial of service (ReDoS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Hugging Face

Published

2025-09-14

Last Modified

2026-02-24

References

https://github.com/huggingface/transformers/commit/ba8eaba9865618253f997784aa565b96206426f0
https://huntr.com/bounties/af929523-7b59-418a-bf55-301830b2ac9d

Patch

https://github.com/huggingface/transformers/releases
