CVE-2024-11394: Python Pickle Load Without Trust Remote Code Gate
greprules fetch cve-2024-11394-python-pickle-load-without-trust-remote-code-gate --engine opengrep
Description
`pickle.load()` is invoked on a checkpoint file inside a HuggingFace Transformers model-conversion script without first verifying the `TRUST_REMOTE_CODE` environment variable. Python pickle deserialization executes arbitrary code embedded in the input via `__reduce__`, so unpickling attacker-controllable checkpoint files (e.g. `model_args.pkl`, `.metadata`)
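The description above names the missing check (the `TRUST_REMOTE_CODE` gate) and the mechanism (`__reduce__` resolving a callable during unpickling). The block below is an added illustration of the defensive pattern, written for this page; it is not the greprules rule, not code from HuggingFace Transformers, and not the upstream fix for CVE-2024-11394. The names `RestrictedUnpickler`, `SAFE_GLOBALS`, `trust_remote_code_enabled` and `load_checkpoint_metadata` are assumptions, and the allowlist is illustrative. Without the opt-in it unpickles through `Unpickler.find_class`, which refuses any global not on the allowlist before it can be called; with the opt-in it falls back to the unrestricted loader the user explicitly trusted.

```python
import io
import os
import pickle
from typing import Any, Mapping

# Illustrative allowlist (assumption): the plain containers and scalars a
# checkpoint's metadata pickle is expected to contain. Any other global,
# including a callable referenced by __reduce__, is refused by name.
SAFE_GLOBALS = {
    ("builtins", "set"), ("builtins", "frozenset"), ("builtins", "dict"),
    ("builtins", "list"), ("builtins", "tuple"), ("builtins", "int"),
    ("builtins", "float"), ("builtins", "str"), ("builtins", "bytes"),
    ("builtins", "bool"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    find_class is the hook pickle uses to turn a (module, name) reference in
    the stream into a Python object. Refusing here means the object named by
    a __reduce__ payload is never looked up, so it cannot be invoked.
    """

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def trust_remote_code_enabled(env: Mapping[str, str] = os.environ) -> bool:
    """The opt-in gate the vulnerable script skipped: TRUST_REMOTE_CODE must be set."""
    return env.get("TRUST_REMOTE_CODE", "").strip().lower() in {"1", "true", "yes"}


def load_checkpoint_metadata(data: bytes, env: Mapping[str, str] = os.environ) -> Any:
    """Unpickle checkpoint metadata bytes.

    Without TRUST_REMOTE_CODE the restricted unpickler is used, so a checkpoint
    that references code outside the allowlist fails closed. With the explicit
    opt-in the unrestricted loader runs, matching the trust the user asserted.
    """
    if trust_remote_code_enabled(env):
        return pickle.loads(data)
    return RestrictedUnpickler(io.BytesIO(data)).load()


def loads_without_trust(data: bytes) -> bool:
    """True if the bytes unpickle under the restricted loader (no opt-in)."""
    try:
        load_checkpoint_metadata(data, env={})
        return True
    except pickle.UnpicklingError:
        return False


# Constructed sample inputs for the demonstration (not real checkpoint files).
def sample_plain_metadata() -> bytes:
    return pickle.dumps({"vocab_size": 32000, "hidden_sizes": [768, 3072]})


def sample_metadata_with_foreign_global() -> bytes:
    # collections.OrderedDict is harmless, but it is a global outside the
    # allowlist, so it exercises the same rejection path that any other
    # non-allowlisted __reduce__ target would hit.
    import collections
    return pickle.dumps(collections.OrderedDict(vocab_size=32000))


if __name__ == "__main__":
    print(load_checkpoint_metadata(sample_plain_metadata(), env={}))
    print(loads_without_trust(sample_plain_metadata()))
    print(loads_without_trust(sample_metadata_with_foreign_global()))
```

The allowlist is the part to tune per deployment: keep it to the types the metadata actually needs, and prefer a non-executable format (JSON, safetensors) for new checkpoints so that no unpickling is required at all.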
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided