{"data":{"id":"fcf20a07-6c49-4aa5-91ff-fe3bdd63e4b0","title":"CVE-2024-12720: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, spe","summary":"A ReDoS (regular expression denial of service, where a poorly designed search pattern can be exploited to consume excessive computer processing power) vulnerability was found in the huggingface/transformers library version 4.46.3, specifically in code that processes text tokens. An attacker could send specially crafted input that causes the regex to work inefficiently, using up all the CPU and crashing the application.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-12720","publishedAt":"2025-03-20T14:15:29.507Z","cveId":"CVE-2024-12720","cweIds":["CWE-1333"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["HuggingFace","transformers library"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00137,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}