Deserialization Vulnerability in Model Checkpoint Loading
A Deserialization of Untrusted Data vulnerability was identified in the huggingface/transformers library, specifically within the `load_repo_checkpoint()` function of the `TFPreTrainedModel` class, affecting version 4.37.2. This vulnerability allows an attacker who can supply a malicious serialized payload in a checkpoint to execute arbitrary code when it is loaded. It was patched in version 4.38.
Available publicly on Mar 27 2024 | Available with Premium on Feb 13 2024
Remediation Steps
- Update the huggingface/transformers library to version 4.38 or later.
- Avoid loading model checkpoints from untrusted sources.
- Implement additional checks or sandbox environments for deserializing data from external sources.
- Regularly audit and monitor environments for unusual activities that could indicate exploitation attempts.
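As an added illustration of the third remediation step (this is example code written for this page, not code from the advisory or from the transformers project), the following Python shows two layers a loader can put in front of pickle-format checkpoint side data: a static opcode scan with `pickletools` that never executes the stream, and a restricted unpickler that resolves only an allowlist of globals. The names `ALLOWED_GLOBALS`, `scan_opcodes`, `load_extra_data` and `check_extra_data`, and the sample inputs, are assumptions constructed here for demonstration.

```python
import collections
import io
import pickle
import pickletools

# Hypothetical allowlist of the only globals a checkpoint's pickled side data
# may reference. Assumption for this example: plain containers only.
ALLOWED_GLOBALS = frozenset({
    ("collections", "OrderedDict"),
})

# Opcodes that make the unpickler resolve or call importable objects. Their
# presence means the file can do more than rebuild plain data structures.
CODE_OPCODES = frozenset({
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
    "NEWOBJ", "NEWOBJ_EX", "BUILD",
})


def scan_opcodes(data: bytes) -> list:
    """Static pass: list code-capable opcodes with their byte offsets.

    pickletools.genops only disassembles; nothing in the stream is executed,
    so this is safe to run on a file before deciding whether to load it.
    """
    return [
        f"{op.name}@{pos}"
        for op, _arg, pos in pickletools.genops(data)
        if op.name in CODE_OPCODES
    ]


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted (module, name) globals."""

    def __init__(self, stream, allowed=ALLOWED_GLOBALS):
        super().__init__(stream)
        self.allowed = allowed

    def find_class(self, module, name):
        # Every GLOBAL/STACK_GLOBAL lookup passes through here; refuse
        # anything not explicitly listed instead of importing it.
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name}"
        )


def load_extra_data(data: bytes, allowed=ALLOWED_GLOBALS):
    """Load checkpoint side data from untrusted bytes under the allowlist.

    Raises pickle.UnpicklingError on any global outside the allowlist.
    """
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


def check_extra_data(data: bytes, allowed=ALLOWED_GLOBALS):
    """Return (accepted, detail) so a caller can log a refusal rather than crash."""
    try:
        value = load_extra_data(data, allowed)
    except pickle.UnpicklingError as exc:
        return False, str(exc)
    return True, repr(value)


# Constructed sample inputs (not taken from any real checkpoint):
BENIGN = pickle.dumps({"epoch": 3, "learning_rate": 1e-3}, protocol=4)
NEEDS_ALLOWED_GLOBAL = pickle.dumps(collections.OrderedDict(step=10), protocol=4)
NEEDS_UNLISTED_GLOBAL = pickle.dumps(collections.deque([1, 2]), protocol=4)

if __name__ == "__main__":
    samples = [
        ("benign dict", BENIGN),
        ("OrderedDict (allowlisted)", NEEDS_ALLOWED_GLOBAL),
        ("deque (not allowlisted)", NEEDS_UNLISTED_GLOBAL),
    ]
    for label, blob in samples:
        print(label, scan_opcodes(blob), check_extra_data(blob))
```

The opcode scan is the cheap first filter: a side-data file that should contain only numbers, strings and containers has no business carrying `STACK_GLOBAL` or `REDUCE`, and a scan result that is not empty is worth logging even when the restricted loader would have refused the file anyway. The allowlist must stay small; widening it to arbitrary classes reintroduces the problem. Neither layer replaces the fixed version listed under Patch Details, and where a checkpoint's side data can be stored as JSON or another data-only format instead of pickle, that removes the deserialization surface entirely.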
Patch Details
- Fixed Version: 4.38
- Patch Commit: https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125