Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow ...

热门Python库存在元数据投毒攻击漏洞

Hugging Face模型中使用的热门AI和机器学习Python库存在漏洞,这些库的下载量达到数千万次。该漏洞允许远程攻击者在元数据中隐藏恶意代码,当加载包含被投毒元数据的文件时,恶意代码会自动执行。