Swin-Transformer

🚨 Potential Deserialization of Untrusted Data (CWE-502)

Open huntr-helper opened this issue 4 years ago • 2 comments

👋 Hello, @ancientmooner, @microsoftopensource, @zeliu98 - a potential high severity Deserialization of Untrusted Data (CWE-502) vulnerability in your repository has been disclosed to us.

Next Steps

1️⃣ Visit https://huntr.dev/bounties/1-other-microsoft/Swin-Transformer for more advisory information.

2️⃣ Sign up to validate or speak to the researcher for more assistance.

3️⃣ Propose a patch or outsource it to our community - whoever fixes it gets paid.

✏️ NOTE: If we don't hear from you in 14 days, we will proactively source a fix for this vulnerability (and open a PR) to ensure community safety.


Confused or need more help?

  • Join us on our Discord and a member of our team will be happy to help! 🤗

  • Speak to a member of our team: @JamieSlome


This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.

huntr-helper, Apr 29 '21 17:04

@ancientmooner @zeliu98 Take a look at CVE-2021-31200; the same bug was reported and fixed on microsoft/nni: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31200

Anon-Artist, May 13 '21 11:05

@ancientmooner @zeliu98 @msftgits Any updates on this? 😇

Anon-Artist, Jun 10 '21 06:06