Количество 3
Количество 3
CVE-2025-1194
A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest).
GHSA-fpwr-67px-3qhx
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
BDU:2025-12552
Уязвимость функции SubWordJapaneseTokenizer библиотеки Hugging Face Transformers, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-1194 A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions process specially crafted inputs. The issue stems from a regex exhibiting exponential complexity under certain conditions, leading to excessive backtracking. This can result in high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.48.1 (latest). | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
| GHSA-fpwr-67px-3qhx Transformers Regular Expression Denial of Service (ReDoS) vulnerability | CVSS3: 4.3 | 0% Низкий | 10 месяцев назад |
 | BDU:2025-12552 Уязвимость функции SubWordJapaneseTokenizer библиотеки Hugging Face Transformers, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 4.3 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу