Skip to content

Commit bb824cc

Browse files
committed
fix: CVEs, fixed pillow's, allowed pytorch's
Signed-off-by: DWarez <dario.salvati@huggingface.co>
1 parent 54861cb commit bb824cc

2 files changed

Lines changed: 10 additions & 2 deletions

File tree

docker/huggingface/pytorch/Dockerfile

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,8 +37,8 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
3737
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
3838

3939
# --- HuggingFace training stack ------------------------------------------
40-
# soupsieve floor is a CVE backport (GHSA-2wc2-fm75-p42x, GHSA-836r-79rf-4m37:
41-
# ReDoS in the CSS selector parser), flagged by the ECR scan on this base.
40+
# Security floors for ECR findings: soupsieve fixes GHSA-2wc2-fm75-p42x and
41+
# GHSA-836r-79rf-4m37; Pillow 12.3.0 fixes CVE-2026-55379.
4242
RUN uv pip install --python ${VENV_PYTHON} \
4343
transformers==${TRANSFORMERS_VERSION} \
4444
huggingface-hub==${HUGGINGFACE_HUB_VERSION} \
@@ -53,6 +53,7 @@ RUN uv pip install --python ${VENV_PYTHON} \
5353
"vllm==${VLLM_VERSION}" \
5454
"math-verify==${MATH_VERIFY_VERSION}" \
5555
sentencepiece protobuf einops scipy scikit-learn tensorboard \
56+
"pillow>=12.3.0" \
5657
"soupsieve>=2.8.4" \
5758
&& uv cache clean
5859

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
[
2+
{
3+
"vulnerability_id": "CVE-2026-24747",
4+
"reason": "Inspector matched torch 2.9.1 only in /opt/venv/lib/python3.12/site-packages/benchmarks/requirements.txt; the installed runtime is torch 2.11.0 from the PyTorch 2.11.0 base image, so the vulnerable package version is not present. Remove this entry when the upstream package stops shipping the stale benchmark manifest.",
5+
"review_by": "2026-10-31"
6+
}
7+
]

0 commit comments

Comments
 (0)