GHSA-j7w6-vpvq-j3gm: Diffusers: None.py has Trust Remote Code Bypass
The vulnerability is a silent RCE - it allows arbitrary code to be loaded through the custom_pipeline flow from a Hub repo, with no custom_pipeline or trust_remote_code kwargs and nothing suspicious in the config. The from_pretrained call succeeds and returns a functional pipeline.
References
- github.com/advisories/GHSA-j7w6-vpvq-j3gm
- github.com/huggingface/diffusers
- github.com/huggingface/diffusers/commit/a37f6f8394ac2a7ee8360c3abea811efe54512b1
- github.com/huggingface/diffusers/pull/13448
- github.com/huggingface/diffusers/releases/tag/v0.38.0
- github.com/huggingface/diffusers/security/advisories/GHSA-j7w6-vpvq-j3gm
Code Behaviors & Features
Detect and mitigate GHSA-j7w6-vpvq-j3gm with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →