Popular Python libraries used in Hugging Face models subject to poisoned metadata attack
theregister.co.uk

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes automatically when a file containing the poisoned metadata is loaded.
The open source libraries - NeMo, Uni2TS, and FlexTok - were created by Nvidia, Salesforce, and Apple working with the Swiss Federal Institute of Technology's Visual Intelligence and Learning Lab (EPFL VILAB), respectively.
All three libraries use Hydra, another Python library maintained by Meta and commonly used as a configuration management tool for machine learning projects. Specifically, the vulnerabilities involve Hydra's instantiate() function.
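As an added illustration, not code from the article or from NeMo, Uni2TS, FlexTok or Hydra, here is the kind of gate a loader can apply before handing untrusted configuration to Hydra's instantiate(): Hydra resolves the callable named by each `_target_` key, so the check walks the whole config tree and rejects any target that is not on an allowlist. The allowlist, the sample configs and the `untrusted.pkg.run` name are constructed for the example.

```python
from typing import Any, Iterator, Tuple

# Hypothetical allowlist (constructed for this example): fully qualified
# names a loader is willing to let Hydra's instantiate() resolve.
ALLOWED_TARGETS = frozenset({
    "torch.nn.Linear",
    "torch.nn.LayerNorm",
    "mypkg.models.Encoder",
})

def iter_targets(node: Any, path: str = "$") -> Iterator[Tuple[str, Any]]:
    """Yield (path, value) for every `_target_` key in a nested config of
    dicts and lists, so targets buried in sub-objects are not missed."""
    if isinstance(node, dict):
        if "_target_" in node:
            yield path, node["_target_"]
        for key, value in node.items():
            yield from iter_targets(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_targets(value, f"{path}[{i}]")

def find_disallowed_targets(cfg: Any) -> list:
    """Return [(path, target), ...] for every `_target_` that is not a string
    in ALLOWED_TARGETS. Non-string values are reported too rather than
    assumed safe."""
    return [(path, target) for path, target in iter_targets(cfg)
            if not isinstance(target, str) or target not in ALLOWED_TARGETS]

def is_safe_to_instantiate(cfg: Any) -> bool:
    """Gate to call before passing cfg to hydra.utils.instantiate()."""
    return not find_disallowed_targets(cfg)

# Constructed samples: a benign model config, and one whose nested metadata
# names a target outside the allowlist (placeholder name, not a real package).
BENIGN_CFG = {"model": {"_target_": "mypkg.models.Encoder",
              "norm": {"_target_": "torch.nn.LayerNorm", "normalized_shape": 8}}}
SUSPECT_CFG = {"model": {"_target_": "mypkg.models.Encoder",
               "layers": [{"_target_": "torch.nn.Linear"},
                          {"_target_": "untrusted.pkg.run"}]}}

if __name__ == "__main__":
    print(find_disallowed_targets(BENIGN_CFG))   # []
    print(find_disallowed_targets(SUSPECT_CFG))  # [('$.model.layers[1]', 'untrusted.pkg.run')]
```

The check only constrains which callables a config may name; it does not make the allowed callables themselves safe against hostile arguments.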
Palo Alto Networks' Unit 42 spotted the security flaws and reported them to the libraries' maintainers, who have since issued security warnings, fixes and, in two cases, CVEs. While the threat hunters say they haven't seen any in-the-wild abuse of these vulnerabilities to date ...
Copyright of this story solely belongs to theregister.co.uk.

