GHSA-282v-666c-3fvg
- Source
- https://github.com/advisories/GHSA-282v-666c-3fvg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-282v-666c-3fvg/GHSA-282v-666c-3fvg.json
- Aliases
- Published
- 2023-05-18T18:30:35Z
- Modified
- 2024-02-16T08:01:54.917122Z
- Details
-
Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-2800
- https://github.com/huggingface/transformers/pull/23372
- https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43
- https://github.com/huggingface/transformers
- https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a
Affected packages
PyPI / transformers
Package
- Name
- transformers
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed4.30.0
Affected versions
0.*
0.1
2.*
2.0.0
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.4.0
2.4.1
2.5.0
2.5.1
2.6.0
2.7.0
2.8.0
2.9.0
2.9.1
2.10.0
2.11.0
3.*
3.0.0
3.0.1
3.0.2
3.1.0
3.2.0
3.3.0
3.3.1
3.4.0
3.5.0
3.5.1
4.*
4.0.0rc1
4.0.0
4.0.1
4.1.0
4.1.1
4.2.0
4.2.1
4.2.2
4.3.0rc1
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.5.0
4.5.1
4.6.0
4.6.1
4.7.0
4.8.0
4.8.1
4.8.2
4.9.0
4.9.1
4.9.2
4.10.0
4.10.1
4.10.2
4.10.3
4.11.0
4.11.1
4.11.2
4.11.3
4.12.0
4.12.1
4.12.2
4.12.3
4.12.4
4.12.5
4.13.0
4.14.0
4.14.1
4.15.0
4.16.0
4.16.1
4.16.2
4.17.0
4.18.0
4.19.0
4.19.1
4.19.2
4.19.3
4.19.4
4.20.0
4.20.1
4.21.0
4.21.1
4.21.2
4.21.3
4.22.0
4.22.1
4.22.2
4.23.0
4.23.1
4.24.0
4.25.0
4.25.1
4.26.0
4.26.1
4.27.0
4.27.1
4.27.2
4.27.3
4.27.4
4.28.0
4.28.1
4.29.0
4.29.1
4.29.2