cbcvebase.
CVE-2023-2800
published 2023-05-18

CVE-2023-2800: Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

PriorityP415medium4.7CVSS 3.1
AVLACHPRLUINSUCNINAH
EPSS
0.28%
19.9th percentile
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

Affected

4 ranges
VendorProductVersion rangeFixed in
huggingfacehuggingface_transformers>= unspecified < 4.30.04.30.0
huggingfacetransformers< 4.30.04.30.0
huggingfacetransformers>= 0 < 4.30.04.30.0
huggingfacetransformers>= 0 < 80ca92470938bbcc348e2d9cf4734c7c25cb1c4380ca92470938bbcc348e2d9cf4734c7c25cb1c43

CVSS provenance

nvdv3.14.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv3.04.7MEDIUMCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.