The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-04-10T17:07:55.667Z
Updated: 2024-06-04T17:31:01.009Z
Reserved: 2024-04-10T09:52:12.519Z
Link: CVE-2024-3568
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-10T17:15:58.160
Modified: 2024-04-10T19:49:51.183
Link: CVE-2024-3568
JSON object: View
Redhat Information
No data.
CWE