Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

The open-source libraries were created by Salesforce, Nvidia, and Apple with a Swiss group Vulnerabilities in popular AI and ...

热门Python库存在元数据投毒攻击漏洞

Hugging Face模型中使用的热门AI和机器学习Python库存在漏洞,这些库的下载量达到数千万次。该漏洞允许远程攻击者在元数据中隐藏恶意代码,当加载包含被投毒元数据的文件时,恶意代码会自动执行。