How severe is CVE-2024-12720?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-12720?

This is classified as CWE-1333, which is a common weakness in software security.

CVE-2024-12720 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single() function, where a regular expression processes specially crafted input. The issue stems from the regex exhibiting exponential time complexity under certain conditions, leading to excessive backtracking. This can result in significantly high CPU usage and potential application downtime, effectively creating a Denial of Service (DoS) scenario. The affected version is v4.46.3 (latest).

Related Vulnerabilities

CVE-2017-20162

MEDIUM

CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to i...

CWE-13332017

CVE-2021-23362

MEDIUM

CVSS:5.3(Medium)

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular e...

CWE-13332021