{"id":"GHSA-282v-666c-3fvg","summary":"transformers has Insecure Temporary File","details":"An Insecure Temporary File vulnerability (CWE-377) exists in the GitHub repository huggingface/transformers in versions 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0.","aliases":["CVE-2023-2800","PYSEC-2023-299"],"modified":"2024-11-22T20:46:03.459663Z","published":"2023-05-18T18:30:35Z","database_specific":{"github_reviewed":true,"github_reviewed_at":"2023-05-19T13:27:42Z","nvd_published_at":"2023-05-18T17:15:08Z","cwe_ids":["CWE-377"],"severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2800"},{"type":"WEB","url":"https://github.com/huggingface/transformers/pull/23372"},{"type":"WEB","url":"https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43"},{"type":"PACKAGE","url":"https://github.com/huggingface/transformers"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-299.yaml"},{"type":"WEB","url":"https://huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44a"}],"affected":[{"package":{"name":"transformers","ecosystem":"PyPI","purl":"pkg:pypi/transformers"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.30.0"}]}],"versions":["0.1","2.0.0","2.1.0","2.1.1","2.10.0","2.11.0","2.2.0","2.2.1","2.2.2","2.3.0","2.4.0","2.4.1","2.5.0","2.5.1","2.6.0","2.7.0","2.8.0","2.9.0","2.9.1","3.0.0","3.0.1","3.0.2","3.1.0","3.2.0","3.3.0","3.3.1","3.4.0","3.5.0","3.5.1","4.0.0","4.0.0rc1","4.0.1","4.1.0","4.1.1","4.10.0","4.10.1","4.10.2","4.10.3","4.11.0","4.11.1","4.11.2","4.11.3","4.12.0","4.12.1","4.12.2","4.12.3","4.12.4","4.12.5","4.13.0","4.14.0","4.14.1","4.15.0","4.16.0","4.16.1","4.16.2","4.17.0","4.18.0","4.19.0","4.19.1","4.19.2","4.19.3","4.19.4","4.2.0","4.2.1","4.2.2","4.20.0","4.20.1","4.21.0","4.21.1","4.21.2","4.21.3","4.22.0","4.22.1","4.22.2","4.23.0","4.23.1","4.24.0",
"4.25.0","4.25.1","4.26.0","4.26.1","4.27.0","4.27.1","4.27.2","4.27.3","4.27.4","4.28.0","4.28.1","4.29.0","4.29.1","4.29.2","4.3.0","4.3.0rc1","4.3.1","4.3.2","4.3.3","4.4.0","4.4.1","4.4.2","4.5.0","4.5.1","4.6.0","4.6.1","4.7.0","4.8.0","4.8.1","4.8.2","4.9.0","4.9.1","4.9.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-282v-666c-3fvg/GHSA-282v-666c-3fvg.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}