CVE-2024-11393
Deserialization of Untrusted Data vulnerability in transformers (PyPI)
What is CVE-2024-11393 About?
This is a Deserialization of Untrusted Data vulnerability in the Hugging Face Transformers MaskFormer Model that leads to Remote Code Execution. A remote attacker can execute arbitrary code by supplying a malicious model file. User interaction is required to trigger the flaw, but the impact is still severe: code execution.
Affected Software
Technical Details
The vulnerability lies within the parsing of model files in the Hugging Face Transformers MaskFormer Model. The core issue is a lack of proper validation when deserializing user-supplied data, specifically model files. An attacker can craft a malicious model file that, when loaded, contains serialized objects designed to trigger arbitrary code execution during the deserialization process. This is often achieved through 'gadget chains' where the deserializer reconstructs objects with methods that have dangerous side effects. User interaction is required, as the target must explicitly download and open or load this malicious model file, typically from a malicious page or attachment. Once loaded, the untrusted data is deserialized, leading to code execution in the context of the current user.
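A defensive check for the deserialization step described above, as an added example that is not code from this advisory or from the Transformers project: it lists the globals a pickle stream would import without ever loading it. It assumes the model file is a Python pickle, which this page does not state, and the `ALLOWED` set and sample blobs are constructed for illustration.

```python
import pickle
import pickletools
from collections import OrderedDict

# Assumption for this sketch: the only global a plain state dict needs.
ALLOWED = {("collections", "OrderedDict")}

def pickle_imports(data: bytes):
    """List the (module, name) globals a pickle stream references, without loading it."""
    found, strings, memo, top = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in ("GLOBAL", "INST"):        # protocols 0-3: "module name" inside the opcode
            found.append(tuple(arg.split(" ", 1)))
            top = None
        elif name == "STACK_GLOBAL":          # protocol 4+: the two strings pushed just before
            found.append(tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?"))
            top = None
        elif "UNICODE" in name or "STRING" in name:
            top = arg                         # a string was pushed on the stack
            strings.append(arg)
        elif name == "MEMOIZE":
            memo[len(memo)] = top             # same indexing rule as the unpickler
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = top
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            top = memo.get(arg)               # a memoized module/name string is reused
            if isinstance(top, str):
                strings.append(top)
        else:
            top = None
    return found

def disallowed(data: bytes):
    """Globals outside ALLOWED; any hit means the file should not be unpickled."""
    return [g for g in pickle_imports(data) if g not in ALLOWED]

# Constructed samples: a plain state-dict-like object, and streams that merely
# reference a builtin (nothing is called, and nothing is ever loaded here).
CLEAN_SAMPLE = pickle.dumps(OrderedDict(weight=[0.1, 0.2]))
SUSPECT_SAMPLE = pickle.dumps(print, protocol=4)
LEGACY_SAMPLE = pickle.dumps(print, protocol=3)

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN_SAMPLE), ("suspect", SUSPECT_SAMPLE)]:
        print(label, disallowed(blob))
```

This is a triage step: a stream that builds its module or name strings at load time will show a stale or `("?", "?")` pair, which is also outside the allowlist, so any non-empty result is a reason to reject the file.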
What is the Impact of CVE-2024-11393?
Successful exploitation may allow attackers to execute arbitrary code on the affected system, leading to full system compromise, data theft, and installation of malware.
What is the Exploitability of CVE-2024-11393?
Exploitation of this deserialization vulnerability is of moderate complexity. It requires the attacker to craft a malicious model file and entice the victim to load it, for example, by visiting a malicious page or opening a malicious file. No prior authentication is directly required on the vulnerable system itself, but user interaction is a prerequisite. The attacker gains code execution in the context of the user who loaded the malicious model. This is a remote exploitation scenario, typically involving social engineering to deliver the malicious payload. Special conditions include the target system running the vulnerable Hugging Face Transformers MaskFormer Model and the user's willingness to interact with attacker-controlled content. Risk factors are increased in environments where users frequently load models from untrusted sources.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| Piyush-Bhor | Link | Technical Details and Exploit for CVE-2024-11393 |
What are the Available Fixes for CVE-2024-11393?
Available Upgrade Options
- transformers
  - <4.48.0 → Upgrade to 4.48.0
Additional Resources
- https://www.zerodayinitiative.com/advisories/ZDI-24-1514
- https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-228.yaml
- https://nvd.nist.gov/vuln/detail/CVE-2024-11393
- https://github.com/huggingface/transformers
- https://osv.dev/vulnerability/PYSEC-2024-228
- https://github.com/huggingface/transformers/pull/35296
- https://github.com/huggingface/transformers/issues/34840
What are Similar Vulnerabilities to CVE-2024-11393?
Similar Vulnerabilities: CVE-2021-44228, CVE-2020-36239, CVE-2019-12384, CVE-2017-1000487, CVE-2015-7581
