CVE-2024-11394
Deserialization of Untrusted Data vulnerability in transformers (PyPI)
What is CVE-2024-11394 About?
This is a serious Deserialization of Untrusted Data vulnerability in Hugging Face Transformers' Trax Model, enabling remote code execution. The flaw allows attackers to execute arbitrary code by supplying a malicious model file. Exploitation requires user interaction, but its impact is severe.
Affected Software
Technical Details
The vulnerability resides in the handling of Trax model files within Hugging Face Transformers. The underlying issue is a lack of proper validation when deserializing user-supplied model data. An attacker can craft a malicious Trax model file with arbitrary code embedded in the serialized object; when a vulnerable application opens or processes the file, insecure deserialization is triggered and that code executes in the context of the current user running the application. The attack vector relies on the programmatic reconstruction of objects from a data stream that was not adequately sanitized or checked for harmful content, leading to arbitrary code execution (ACE).
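The validation that is missing can be done without deserializing anything. The following is an added example, not code from the advisory or from the Transformers project: assuming the model file is a Python pickle stream (the page does not name the serialization format), it lists the imports a file would perform on load and reports any that are not on an allowlist. The function names, the allowlist and the sample data are hypothetical and constructed for illustration.

```python
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that push a string constant (a module or attribute name).
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "SHORT_BINSTRING", "BINSTRING", "STRING"}


def referenced_globals(data: bytes) -> list:
    """List every import the stream would perform, without unpickling it."""
    found, recent = [], []  # recent: the last two non-MEMOIZE opcodes seen
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            found.append(arg.replace(" ", ".", 1))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: names come off the stack
            if len(recent) == 2 and all(n in _STRING_OPS for n, _ in recent):
                found.append(f"{recent[0][1]}.{recent[1][1]}")
            else:
                found.append("<unresolved>")  # conservative: cannot prove it safe
        if op.name != "MEMOIZE":
            recent = (recent + [(op.name, arg)])[-2:]
    return found


def disallowed_globals(data: bytes, allowed: frozenset) -> list:
    """Return the imports not on the allowlist; an empty list means data only."""
    try:
        return [g for g in referenced_globals(data) if g not in allowed]
    except Exception as exc:               # truncated or malformed stream
        return [f"<unparseable: {type(exc).__name__}>"]


# Constructed, benign samples: plain containers vs. an object that needs an import.
PLAIN = pickle.dumps({"weights": [1.0, 2.0]}, protocol=4)
WITH_IMPORT = pickle.dumps(OrderedDict(a=1), protocol=4)
LEGACY = pickle.dumps(OrderedDict(a=1), protocol=2, fix_imports=False)

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN), ("import", WITH_IMPORT), ("legacy", LEGACY)]:
        print(label, disallowed_globals(blob, frozenset()))
```

A file that reports anything other than an empty list should be rejected or reviewed before any loader touches it; a scan like this complements the upgrade and does not replace it.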
What is the Impact of CVE-2024-11394?
Successful exploitation may allow attackers to execute arbitrary code on the affected system, gaining full control over the compromised machine. This can lead to data theft, system compromise, and further attacks.
What is the Exploitability of CVE-2024-11394?
Exploitation of this vulnerability requires user interaction. The target user must either visit a malicious webpage or open a malicious file (e.g., a crafted Trax model file). The complexity of crafting the malicious file can be moderate, but the vector relies on social engineering. No specific authentication or privilege escalation is explicitly mentioned as required for the initial payload delivery beyond the user's normal permissions when interacting with the malicious content. The attack can be considered remote if the malicious file is delivered over the network or if the webpage serving it is remote. The existence of a proof-of-concept (PoC) increases the risk and likelihood of real-world exploitation.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| Piyush-Bhor | Link | Technical Details and Exploit for CVE-2024-11394 |
What are the Available Fixes for CVE-2024-11394?
Available Upgrade Options
- transformers
  - <4.48.0 → Upgrade to 4.48.0
Additional Resources
- https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2024-229.yaml
- https://www.zerodayinitiative.com/advisories/ZDI-24-1515/
- https://github.com/huggingface/transformers
- https://osv.dev/vulnerability/PYSEC-2024-229
- https://osv.dev/vulnerability/GHSA-hxxf-235m-72v3
- https://nvd.nist.gov/vuln/detail/CVE-2024-11394
- https://www.zerodayinitiative.com/advisories/ZDI-24-1515
- https://github.com/huggingface/transformers/pull/35296
- https://github.com/huggingface/transformers/issues/34840
What are Similar Vulnerabilities to CVE-2024-11394?
Similar Vulnerabilities: CVE-2023-47248, CVE-2023-7018, CVE-2023-6975, CVE-2024-1455, CVE-2021-44228
