Vulnerabilities in Linked Code


Vulnerability Info

Vulnerability Type: security
CVE Number:
Created Date: 2024/06/27
Reported By: @indiana-university
References

    Affected Versions

    @b6bd078895fa85dc7641fc0e227e80c769c6395d (02 March 2023)

    Description

    Vulnerability Summary

    The model luciolrv/sd-class-butterflies-32 is associated with the code repository https://github.com/huggingface/diffusion-models-class, in which 3 CWE findings (including 0 high severity vulnerabilities) were identified. The weaknesses and vulnerabilities listed here describe the model's supply chain for informational purposes; they may not be present in the model itself.

    The model associated with luciolrv/sd-class-butterflies-32 has been found to have 1 Common Weakness Enumeration (CWE), including 0 high severity vulnerabilities.

    The identified weakness is CWE-676: Use of Potentially Dangerous Function. This weakness means that the product invokes a function that can introduce a vulnerability when used incorrectly, even though the same function can also be used safely.

    For more information, visit CWE-676.

    The GitHub repository is linked from the model's README.md on Hugging Face.

    The vulnerabilities were discovered using Semgrep and Bandit.

    URL: https://huggingface.co/luciolrv/sd-class-butterflies-32

    PURL: pkg:huggingface/luciolrv/sd-class-butterflies-32@b6bd078895fa85dc7641fc0e227e80c769c6395d

    SHA: b6bd078895fa85dc7641fc0e227e80c769c6395d

    Author: luciolrv

    Tags: ['diffusers', 'pytorch', 'unconditional-image-generation', 'diffusion-models-class', 'license:mit', 'diffusers:DDPMPipeline', 'region:us']

    Downloads: 5

    Likes: 0

    GitHub Link: https://github.com/huggingface/diffusion-models-class

    Low Severity Weaknesses: 3

    Medium Severity Weaknesses: 0

    High Severity Weaknesses: 0

    Total Weaknesses Identified: 3

    Common Weaknesses Enumerations (CWEs) Identified:

    CWE | Description | URL
    CWE-676: Use of Potentially Dangerous Function | The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely. | 676
    Indiana University Kelley School Data Science and AI Lab