CNNVD-202509-3659 Information
CNNVD ID
CNNVD-202509-3659
Related CVE
- CNNVD Published: 2025-09-23
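Description (translated from Chinese)
transformers is an open-source application for machine learning from Hugging Face. Versions of transformers before 4.53.0 contain a resource management error vulnerability. The vulnerability stems from a flaw in how the _do_use_weight_decay method handles user-controlled regular expressions, which may lead to a regular expression denial of service attack.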
Description (English)
Transformers is an open-source application for machine learning from Hugging Face. Versions of transformers before 4.53.0 have a resource management error vulnerability, which arises from a flaw in the _do_use_weight_decay method when it handles regular expressions controlled by users, and which could lead to a regular expression denial of service attack.
Hazard Level
High
Vulnerability Type
Resource management error
Affected Vendor
慧捷通
Published
2025-09-23
Last Modified
2026-02-24
References
https://github.com/huggingface/transformers/commit/47c34fba5c303576560cb29767efb452ff12b8be
https://huntr.com/bounties/287d15a7-6e7c-45d2-8c05-11e305776f1f
https://access.redhat.com/security/cve/cve-2025-6921
Patch
https://github.com/huggingface/transformers/releases