Remediation Steps
- Update the huggingface/transformers library to version 4.38 or later.
- Avoid loading model checkpoints from untrusted sources.
- Implement additional checks or sandbox environments for deserializing data from external sources.
- Regularly audit and monitor environments for unusual activities that could indicate exploitation attempts.
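One way to implement the "additional checks" step for deserialization, as an added example that is not code from this advisory or from the transformers project. It assumes the checkpoint data is a Python pickle stream, which the advisory does not state; `ALLOWED_GLOBALS`, `AllowlistUnpickler`, and the helper names are hypothetical.

```python
import collections
import io
import os
import pickle

# Assumption: the only global a plain state-dict style checkpoint needs.
# Extend deliberately, one reviewed entry at a time.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted (module, name) globals."""

    def find_class(self, module, name):
        # Every global or callable a pickle references is resolved here,
        # so refusing it stops the stream before anything can be called.
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_load_checkpoint(data: bytes):
    """Deserialize checkpoint bytes under the allowlist."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def check_checkpoint(data: bytes):
    """Return (accepted, reason). Fails closed on any load error."""
    try:
        safe_load_checkpoint(data)
    except Exception as exc:  # malformed or disallowed content
        return False, str(exc)
    return True, "ok"


def constructed_samples():
    """Constructed inputs: a plain state dict and one with an extra global."""
    plain = pickle.dumps(collections.OrderedDict(weights=[0.1, 0.2], step=3))
    # References a function outside the allowlist; it is never called here.
    extra_global = pickle.dumps({"hook": os.getcwd})
    return plain, extra_global


if __name__ == "__main__":
    for sample in constructed_samples():
        print(check_checkpoint(sample))
```

An allowlist at `find_class` complements, and does not replace, upgrading to the fixed version and loading only from trusted sources.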
Patch Details
- Fixed Version: 4.38
- Patch Commit: https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125