This article covers vulnerabilities in popular AI/ML Python libraries that load Hugging Face models, which could let a remote attacker hide malicious code in a model's metadata and have it run when the model is loaded. The root cause is that the libraries hand configuration taken from the model files to Hydra's instantiate(), which will construct any Python object the config names. CVEs have been assigned and fixes issued, but models built on the affected libraries may still be exploitable. #HydraSecurity #NeMo #Uni2TS #FlexTok #HuggingFaceModels
Keypoints
- The Python libraries NeMo, Uni2TS and FlexTok pass model configuration to Hydra's instantiate() function, which resolves the configured _target_ to an arbitrary importable callable; when that configuration comes from an untrusted model, the result is remote code execution.
- An attacker can plant malicious metadata in a model so that any system loading the model executes the attacker's code.
- Security flaws were identified by Palo Alto Networks’ Unit 42 and addressed with CVEs and fixes from maintainers.
- Developers often create custom models from popular ones, increasing the attack surface for malicious modifications.
- Hydra’s documentation now warns about RCE risks, recommending a block-list mechanism for safer configuration handling.
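The allow-list guard below is an added example to illustrate the block-list/allow-list recommendation above; it is not code from the Register article, Unit 42, Hydra, NeMo, Uni2TS or FlexTok. It mirrors only the part of Hydra's instantiate() that matters here: a `_target_` key in the config names any importable Python callable, which is then called with the remaining keys as arguments. The `_instantiate` and `resolve_target` helpers are simplified stand-ins, not Hydra's own implementation, and the target names in `ALLOWED_TARGETS` (standard-library classes) and the sample configs are constructed for the demo rather than taken from any real model.

```python
"""Allow-list guard for Hydra-style ``_target_`` configs (added example)."""
import importlib

# Hypothetical allow-list: a real loader would list the model classes it expects.
# Standard-library classes stand in for them so the example runs offline.
ALLOWED_TARGETS = frozenset({"fractions.Fraction", "datetime.timedelta"})


def resolve_target(path: str):
    """Resolve 'pkg.mod.attr' to a callable, like Hydra's _target_ lookup (simplified).

    This is the dangerous step: any importable name, e.g. 'os.system', resolves.
    """
    module_name, _, attr = path.rpartition(".")
    if not module_name:
        raise ValueError(f"bad target: {path!r}")
    return getattr(importlib.import_module(module_name), attr)


def find_targets(cfg, prefix=""):
    """Yield every (config path, _target_ value) in a nested dict/list config."""
    if isinstance(cfg, dict):
        if "_target_" in cfg:
            yield prefix or "<root>", cfg["_target_"]
        for key, value in cfg.items():
            yield from find_targets(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(cfg, list):
        for i, value in enumerate(cfg):
            yield from find_targets(value, f"{prefix}[{i}]")


def check_targets(cfg, allowed=ALLOWED_TARGETS):
    """Return the (path, target) pairs whose _target_ is not on the allow-list."""
    return [(path, target) for path, target in find_targets(cfg) if target not in allowed]


def _instantiate(node):
    """Minimal stand-in for hydra.utils.instantiate: recurse, then call _target_."""
    if isinstance(node, dict):
        kwargs = {k: _instantiate(v) for k, v in node.items() if k != "_target_"}
        if "_target_" in node:
            return resolve_target(node["_target_"])(**kwargs)
        return kwargs
    if isinstance(node, list):
        return [_instantiate(v) for v in node]
    return node


def safe_instantiate(cfg, allowed=ALLOWED_TARGETS):
    """Walk the whole config first; refuse to build anything if one target is untrusted."""
    untrusted = check_targets(cfg, allowed)
    if untrusted:
        raise PermissionError(f"untrusted _target_ in model config: {untrusted}")
    return _instantiate(cfg)


# Constructed sample configs shaped like model metadata a loader might read.
BENIGN_CONFIG = {
    "model": {"_target_": "fractions.Fraction", "numerator": 3, "denominator": 4},
    "window": {"_target_": "datetime.timedelta", "seconds": 30},
}

# Same shape, but a list entry smuggles in an arbitrary callable. The guard must
# reject it before anything is instantiated, since instantiation is what runs it.
MALICIOUS_CONFIG = {
    "model": {"_target_": "fractions.Fraction", "numerator": 3, "denominator": 4},
    "callbacks": [{"_target_": "os.system", "command": "id"}],
}


if __name__ == "__main__":
    print(safe_instantiate(BENIGN_CONFIG))
    print("rejected:", check_targets(MALICIOUS_CONFIG))
```

The important design choice is that `safe_instantiate` walks the entire config, including nested lists, before building any object: a check that only looks at the top-level `_target_` would pass `MALICIOUS_CONFIG`, because its root has no target at all. An allow-list of expected classes is also preferable to a block-list of known-bad ones, since any importable callable with side effects can serve as a target.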
Read More: https://www.theregister.com/2026/01/13/ai_python_library_bugs_allow/