GHSA-282v-666c-3fvg

Suggest an improvement
Source
https://github.com/advisories/GHSA-282v-666c-3fvg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-282v-666c-3fvg/GHSA-282v-666c-3fvg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-282v-666c-3fvg
Aliases
Published
2023-05-18T18:30:35Z
Modified
2024-11-22T20:46:31.605562Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
transformers has Insecure Temporary File
Details

Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.

Database specific 
{
    "nvd_published_at": "2023-05-18T17:15:08Z",
    "cwe_ids": [
        "CWE-377"
    ],
    "github_reviewed_at": "2023-05-19T13:27:42Z",
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

PyPI / transformers

Package

Name
transformers
View open source insights on deps.dev
Purl
pkg:pypi/transformers

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.30.0

Affected versions

0.*

0.1

2.*

2.0.0
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.4.0
2.4.1
2.5.0
2.5.1
2.6.0
2.7.0
2.8.0
2.9.0
2.9.1
2.10.0
2.11.0

3.*

3.0.0
3.0.1
3.0.2
3.1.0
3.2.0
3.3.0
3.3.1
3.4.0
3.5.0
3.5.1

4.*

4.0.0rc1
4.0.0
4.0.1
4.1.0
4.1.1
4.2.0
4.2.1
4.2.2
4.3.0rc1
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.5.0
4.5.1
4.6.0
4.6.1
4.7.0
4.8.0
4.8.1
4.8.2
4.9.0
4.9.1
4.9.2
4.10.0
4.10.1
4.10.2
4.10.3
4.11.0
4.11.1
4.11.2
4.11.3
4.12.0
4.12.1
4.12.2
4.12.3
4.12.4
4.12.5
4.13.0
4.14.0
4.14.1
4.15.0
4.16.0
4.16.1
4.16.2
4.17.0
4.18.0
4.19.0
4.19.1
4.19.2
4.19.3
4.19.4
4.20.0
4.20.1
4.21.0
4.21.1
4.21.2
4.21.3
4.22.0
4.22.1
4.22.2
4.23.0
4.23.1
4.24.0
4.25.0
4.25.1
4.26.0
4.26.1
4.27.0
4.27.1
4.27.2
4.27.3
4.27.4
4.28.0
4.28.1
4.29.0
4.29.1
4.29.2