Remote Code execution risk
#24
by
srivishnuceg
- opened
Could you please confirm whether this carries risk of RCE?
The "remote code" that will be executed are these two files:
- https://huggingface.co/dunzhang/stella_en_1.5B_v5/blob/main/modeling_qwen.py
- https://huggingface.co/dunzhang/stella_en_1.5B_v5/blob/main/tokenization_qwen.py
Beyond that, it's just code from e.g. transformers/sentence-transformers.
As far as I can tell, these two files are clean. I've used them myself, as well.
- Tom Aarsen
Great @tomaarsen , thanks!