Results 4 comments of Peng Zhou

Hi @WeichenXu123 and @Haxatron, I reported this bypass on the 29th Dec. 2023 in https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298/, not quite sure who is the first reporter, so please have a check, thanks!

Hello, I find the proposed patch can be simply bypassed via the HTTP redirection trick. I demo the bypass steps as follows: 1, run the following Python scripts in any...

Yes, this is related to a `PyTorch Deserialization` that can be exploited from HuggingFace's Demo Code remotely, hence enabling attackers to abuse your BERTopic to phish over HuggingFace repos. But if...

Oh, you may not need to drop `pickle` and `pytorch`; my finding is just for the unsafe load of a `pytorch` model file and that can be abused by the attackers...