8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-11394

GHSA ID

GHSA-hxxf-235m-72v3

EPSS Score

0.9386%

CWE

CWE-502

Published

11/23/2024

Updated

2/13/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-11394

CVE-2024-11394: Deserialization of Untrusted Data in Hugging Face Transformers

Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-11394

GHSA ID

GHSA-hxxf-235m-72v3

EPSS Score

0.9386%

CWE

CWE-502

Published

11/23/2024

Updated

2/13/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
transformers	pip	>= 0, < 4.48.0	4.48.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insecure deserialization in model conversion scripts, as indicated by the patch removing these scripts from release wheels (PR #35296). The scripts handled formats like pickle, which are inherently unsafe when loading untrusted data. While explicit function names aren't provided in the advisory, the context strongly points to Trax model conversion scripts as the attack vector. The high confidence comes from the direct correlation between the patch action (removing conversion scripts) and the vulnerability description (unsafe deserialization in model handling).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*u**in* **** Tr*ns*orm*rs Tr*x Mo**l **s*ri*liz*tion o* Untrust** **t* R*mot* *o** *x**ution Vuln*r**ility. T*is vuln*r**ility *llows r*mot* *tt**k*rs to *x**ut* *r*itr*ry *o** on *****t** inst*ll*tions o* *u**in* **** Tr*ns*orm*rs. Us*r int*r**tion

Reasoning

T** vuln*r**ility st*ms *rom ins**ur* **s*ri*liz*tion in mo**l *onv*rsion s*ripts, *s in*i**t** *y t** p*t** r*movin* t**s* s*ripts *rom r*l**s* w***ls (PR #*****). T** s*ripts **n*l** *orm*ts lik* pi*kl*, w*i** *r* in**r*ntly uns*** w**n lo**in* unt

8.8

Basic Information

Concerned about an active attack path?

CVE-2024-11394: Deserialization of Untrusted Data in Hugging Face Transformers

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI