๐Ÿ” CVE Alert

CVE-2023-2800

MEDIUM 4.7

Insecure Temporary File in huggingface/transformers

CVSS Score
4.7
EPSS Score
0.0%
EPSS Percentile
0th

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

CWE CWE-377
Vendor huggingface
Product huggingface/transformers
Published May 18, 2023
Last Updated Jan 21, 2025
Stay Ahead of the Next One

Get instant alerts for huggingface huggingface/transformers

Be the first to know when new medium vulnerabilities affecting huggingface huggingface/transformers are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Versions

huggingface / huggingface/transformers
unspecified < 4.30.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
huntr.dev: https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a github.com: https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43