CVSS 3.1 Score 7.8 of 10 (high)


Published: Dec 20, 2023
Updated: Dec 30, 2023
CWE ID 502


CVE-2023-7018 is a high-severity vulnerability in the GitHub repository huggingface/transformers in versions prior to 4.36, affecting various products such as rX2lzA, rX2lzB, rX2lyQ, and t81Db_. It is a deserialization of untrusted data issue (CWE-502) and has a risk score of 28. Exploitation is local and requires user interaction. The potential danger to organizations is significant, as it can have a high impact on the confidentiality and integrity of data. To remediate this vulnerability, update the affected products to version 4.36 or above.
