Insecure Temporary File in huggingface/transformers


Reported on

Jan 5th 2023


The transformers package uses the deprecated function tempfile.mktemp(), which is not secure because a different process may create a file with this name in the time between the call to mktemp() and the subsequent attempt to create the file by the first process.

Functions that create temporary file names (such as tempfile.mktemp()) are fundamentally insecure, as they do not ensure exclusive access to a file with the temporary name they return. The file name returned by these functions is guaranteed to be unique on creation but the file must be opened in a separate operation. There is no guarantee that the creation and open operations will happen atomically. This provides an opportunity for an attacker to interfere with the file before it is opened.

Use mkstemp() instead of tempfile.mktemp().


Availability will get affected because of this vulnerability.
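The race described above and the mkstemp() remediation, as an added example that is not code from this report or from the transformers repository. All function names are hypothetical, and `precreate` is a constructed in-process stand-in for the second process that creates the file inside the window.

```python
import os
import tempfile

def precreate(path):
    """Constructed stand-in for another process creating the file first."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    os.close(fd)
    return os.stat(path).st_ino

def insecure_write(data, interfere=None):
    """Pattern from the report: pick a name, then open it in a second step."""
    path = tempfile.mktemp()                 # returns a name only; nothing exists yet
    foreign_inode = interfere(path) if interfere else None  # the race window
    with open(path, "wb") as fh:             # plain open() reuses any existing file
        fh.write(data)
        reused = os.fstat(fh.fileno()).st_ino == foreign_inode
    return path, reused

def exclusive_write(path, data):
    """Exclusive create (O_CREAT | O_EXCL), the flags mkstemp() relies on."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def secure_write(data):
    """Remediation: mkstemp() chooses the name and creates the file atomically."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def demo():
    # 1. The insecure pattern silently writes into a file it did not create.
    path, reused = insecure_write(b"constructed sample data", interfere=precreate)
    os.unlink(path)
    # 2. The same interference is detected when creation is exclusive.
    contested = tempfile.mktemp()
    precreate(contested)
    try:
        exclusive_write(contested, b"constructed sample data")
        detected = False
    except FileExistsError:
        detected = True
    os.unlink(contested)
    # 3. mkstemp() leaves no window and restricts the file to its owner.
    safe = secure_write(b"constructed sample data")
    mode = os.stat(safe).st_mode & 0o777
    os.unlink(safe)
    return reused, detected, mode

if __name__ == "__main__":
    print(demo())
```
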

We are processing your report and will contact the huggingface/transformers team within 24 hours. a year ago
ready-research submitted a
a year ago
We have contacted a member of the huggingface/transformers team and are waiting to hear back a year ago
Sylvain Gugger validated this vulnerability 9 months ago
ready-research has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
6 months ago


Hi @admin my patch is merged into the main branch.

Accidentally I deleted my forked repository. Can you please suggest a way for me to get a fixed bounty? Thanks.

Sylvain Gugger marked this as fixed in 4.30.0 with commit 80ca92 6 months ago
ready-research has been awarded the fix bounty
This vulnerability has been assigned a CVE
Sylvain Gugger published this vulnerability 6 months ago
Ben Harvie
6 months ago


Hi ready-research, it looks like you've still been awarded the fix bounty - let me know if there are any other issues I can help with.
