CVE-2023-7018
Deserialization of Untrusted Data vulnerability in transformers (PyPI)

What is CVE-2023-7018 About?

This vulnerability is a Deserialization of Untrusted Data flaw in the GitHub repository huggingface/transformers prior to version 4.36. It allows an attacker to exploit insecure deserialization, potentially leading to remote code execution. The ease of exploitation depends on how the application handles user-supplied data.

Affected Software

  • transformers
    • <4.36.0
    • <1d63b0ec361e7a38f1339385e8a5a855085532ce

Technical Details

The vulnerability arises from the failure to properly validate or sanitize data during the deserialization process in the Hugging Face Transformers library. Specifically, when the library attempts to reconstruct objects from a serialized data stream (e.g., model files, configuration files, or other saved states), it does so without ensuring the integrity and safety of the incoming data. An attacker can craft a malicious serialized data payload and inject it into a context where the vulnerable library will attempt to deserialize it. This payload can contain arbitrary code or instructions that, when processed during deserialization, are executed by the application. This attack vector can lead to arbitrary code execution, allowing the attacker to compromise the system running the vulnerable Transformers library if they can control the input data.
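
As an added illustration (not code from this page or from the Transformers project), one defensive check for the pattern described above is to list the imports a serialized file would trigger before anything deserializes it. It assumes the data is in Python's pickle format, which the page does not name; ALLOWED_GLOBALS and both function names are hypothetical.

```python
import collections
import datetime
import pickle
import pickletools

# Assumption: the only import a trusted checkpoint needs (hypothetical allowlist).
ALLOWED_GLOBALS = {("collections", "OrderedDict")}
UNRESOLVED = ("<unresolved>", "<unresolved>")
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def referenced_globals(data: bytes) -> set:
    """List the (module, name) imports a pickle requests, without unpickling it."""
    found, memo = set(), {}
    last_two = [None, None]  # string values of the two most recent pushes
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Module and name are the top two stack items; fail closed unless
            # both were pushed as plain strings immediately before.
            found.add(tuple(last_two) if None not in last_two else UNRESOLVED)
        if op.name == "MEMOIZE":
            memo[len(memo)] = last_two[-1]
        elif op.name in PUT_OPS:
            memo[arg] = last_two[-1]
        elif op.name != "FRAME":
            if op.name in STRING_OPS:
                value = arg
            elif op.name in GET_OPS:
                value = memo.get(arg)
            else:
                value = None
            last_two = [last_two[-1], value]
    return found


def disallowed_globals(data: bytes) -> set:
    """Imports outside the allowlist; a non-empty result means do not load."""
    return referenced_globals(data) - ALLOWED_GLOBALS


if __name__ == "__main__":
    # Constructed samples: plain data, an allowlisted type, a non-allowlisted type.
    for obj in ({"weights": [0.1, 0.2]}, collections.OrderedDict(a=1),
                datetime.date(2023, 12, 1)):
        print(type(obj).__name__, disallowed_globals(pickle.dumps(obj, protocol=4)))
```

pickletools.genops raises ValueError on truncated or malformed input, which a caller should treat as a rejection. The scan is a pre-load gate for files of uncertain origin and does not replace upgrading to a fixed version.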

What is the Impact of CVE-2023-7018?

Successful exploitation may allow attackers to execute arbitrary code on the affected system, potentially leading to full system compromise, data exfiltration, or denial of service.

What is the Exploitability of CVE-2023-7018?

Exploitation complexity varies depending on the specific attack vector, but generally involves the attacker providing malicious serialized data to the vulnerable application. Prerequisites include the application processing untrusted serialized data using affected versions of Hugging Face Transformers. Authentication requirements depend on whether the entry point for serialized data input is authenticated or unauthenticated. The attack mechanism can be remote if the application accepts serialized data from external sources. No specific privilege escalation is inherently part of the deserialization process itself, but code would run with the privileges of the application. The risk factors are significantly higher if the application frequently loads or exchanges serialized objects from untrusted sources.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2023-7018?

Available Upgrade Options

  • transformers
    • <4.36.0 → Upgrade to 4.36.0
    • <1d63b0ec361e7a38f1339385e8a5a855085532ce → Upgrade to 1d63b0ec361e7a38f1339385e8a5a855085532ce

Additional Resources

What are Similar Vulnerabilities to CVE-2023-7018?

Similar Vulnerabilities: CVE-2024-11394, CVE-2023-47248, CVE-2023-6975, CVE-2024-1455, CVE-2021-44228