Severity: Critical

Package: transformers

RCE and Worm Infection via Deserialization in RagRetriever Model Loading

A vulnerability in the Hugging Face transformers library (v4.35.2) allows attackers to execute arbitrary code and propagate a worm by exploiting the `RagRetriever.from_pretrained()` function. This is achieved through deserialization of untrusted data from maliciously crafted pickle files, bypassing the library's security scanning. The issue was patched in version 4.36.

Available publicly on Dec 12 2023

CVSS score: 9

CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Credit: zpbrent

Remediation Steps
  • Ensure your Hugging Face transformers library is updated to version 4.36 or later.
  • Avoid loading models from untrusted or unknown sources.
  • Implement additional checks or sandbox environments for running code from external sources.
  • Monitor and audit model loading activities for unusual or unauthorized behavior.
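One form the "additional checks" above can take, added here as an illustration and not code from transformers or Sightline: walk a pickle's opcode stream with `pickletools` (nothing in the file is executed) and list every module attribute the file would import on load, then refuse anything outside an explicit allowlist. The sample pickles and the allowlist are constructed for the example.

```python
"""Flag pickle payloads that reference Python globals outside an allowlist.

Hypothetical pre-load check (not transformers' own code): opcodes are read
with pickletools.genops, so the file is inspected without being unpickled.
"""
from __future__ import annotations

import collections
import pickle
import pickletools

UNRESOLVED = ("<unresolved>", "<unresolved>")   # could not recover the pair


def referenced_globals(data: bytes) -> set[tuple[str, str]]:
    """Return every (module, name) the pickle would import when loaded.

    GLOBAL and INST carry the pair inline. STACK_GLOBAL (protocol 4+) takes
    the two strings most recently pushed, possibly re-fetched from the memo,
    so string pushes and memo slots are tracked; anything else is unresolved.
    """
    refs: set[tuple[str, str]] = set()
    pushed: list = []            # string pushes in order (None = not a string)
    memo: dict = {}
    memo_count = 0
    last = None                  # top of stack, if it is a string
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in ("GLOBAL", "INST"):
            module, attr = arg.split(" ", 1)
            refs.add((module, attr))
            last = None
        elif name == "STACK_GLOBAL":
            pair = tuple(pushed[-2:])
            ok = len(pair) == 2 and all(isinstance(x, str) for x in pair)
            refs.add(pair if ok else UNRESOLVED)
            last = None
        elif name.endswith(("UNICODE", "UNICODE8", "STRING")):
            pushed.append(arg)
            last = arg
        elif name == "MEMOIZE":              # memo slot, stack unchanged
            memo[memo_count] = last
            memo_count += 1
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            pushed.append(last)
        else:
            last = None                      # any other push: not a string
    return refs


def is_safe(data: bytes, allowlist) -> bool:
    """True only if every referenced global is explicitly allowed."""
    return referenced_globals(data) <= set(allowlist)


# Constructed sample inputs (not real model files).
SAFE_PICKLE = pickle.dumps({"weights": [0.1, 0.2], "name": "layer0"}, protocol=4)
GLOBAL_PICKLE = pickle.dumps(collections.OrderedDict(a=1), protocol=4)
ALLOWLIST = {("collections", "OrderedDict")}
```

Pair this with a policy of loading only formats that carry no executable opcodes at all where the model format allows it; the scan is a gate for files that must stay as pickle.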

Patch Details
  • Fixed Version: 4.36
  • Patch Commit: https://github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce