CVE-2023-2800

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43	Patch
https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*

History

26 May 2023, 18:11

Type	Values Removed	Values Added
First Time		Huggingface transformers Huggingface
References	~~(CONFIRM) https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a -~~	(CONFIRM) https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a - Exploit, Patch, Third Party Advisory
References	~~(MISC) https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43 -~~	(MISC) https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.7
CPE		cpe:2.3:a:huggingface:transformers::::::::

18 May 2023, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-18 17:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-2800

Mitre link : CVE-2023-2800

CVE.ORG link : CVE-2023-2800

JSON object : View

Products Affected

huggingface

transformers

CWE

CWE-377

Insecure Temporary File

4.7 /10