{"data":{"id":"f9f12b75-c979-40a9-a842-9db7b655852f","title":"CVE-2023-7018: Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.","summary":"CVE-2023-7018 is a deserialization of untrusted data vulnerability (a flaw where an AI library unsafely processes data from untrusted sources) in the Hugging Face Transformers library before version 4.36. This weakness could potentially allow an attacker to execute malicious code through specially crafted input.","solution":"Update to Transformers version 4.36 or later. A patch is available at the GitHub commit: https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-7018","publishedAt":"2023-12-20T22:15:08.823Z","cveId":"CVE-2023-7018","cweIds":["CWE-502"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["HuggingFace","transformers library"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00203,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}