Vulnerability Information
Vulnerability Title
Regular Expression Denial of Service (ReDoS) in huggingface/transformers
Vulnerability Description
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
transformers Security Vulnerability
Vulnerability Description
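transformers is an open-source application for machine learning from Hugging Face. transformers version 4.48.1 contains a security vulnerability that stems from a regular expression exhibiting exponential complexity when processing specially crafted input, which may lead to denial of service.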
CVSS Information
N/A
Vulnerability Type
N/A