PT-2025-33045 · Nvidia · Nvidia Merlin Transformers4Rec
Published: 2025-08-13 · Updated: 2025-09-26 · CVE-2025-23298
CVSS base score: 7.8 (High)
Base vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
**Name of the Vulnerable Software and Affected Versions**
NVIDIA Merlin Transformers4Rec (affected versions not specified)
**Description**
NVIDIA Merlin Transformers4Rec contains a vulnerability in a Python dependency that could allow an attacker to cause a code injection issue. Successful exploitation of this issue may lead to code execution, escalation of privileges, information disclosure, and data tampering. The issue is in the `load_model_trainer_states_from_checkpoint` function, which calls `torch.load()` from PyTorch without security parameters. `torch.load()` uses the Python `pickle` module, which is unsafe for processing untrusted data: `pickle` serializes and deserializes arbitrary Python objects, including objects that execute code during deserialization. An attacker can create a malicious checkpoint file that executes arbitrary commands when loaded. The exploit uses the `__reduce__` method from `pickle` to execute system commands. The vulnerability was addressed in commit b7eaea5, which modified the way checkpoint files are loaded and added additional validation of serialized Python objects. The library now implements a serialization mechanism through `serialization.py`, which restricts deserialization to approved classes and uses a safe loading function with type checking.
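The loading approach the description attributes to the fix (deserialization restricted to approved classes, followed by a type check), shown with the standard-library `pickle` module instead of `torch.load()`. This is an added example, not the code from commit b7eaea5 or the project's `serialization.py`; `ALLOWED_GLOBALS`, `AllowlistUnpickler`, `safe_load` and `ReduceDemo` are hypothetical names, and both sample payloads are constructed and harmless.

```python
import io
import operator
import pickle
from collections import OrderedDict

# Assumption: hypothetical allowlist; a real one lists exactly the classes
# a legitimate checkpoint is expected to contain.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted (module, name) globals."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_load(data: bytes, expected_type=OrderedDict):
    """Deserialize under the allowlist, then type-check the top-level object."""
    obj = AllowlistUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, expected_type):
        raise TypeError(f"unexpected top-level type {type(obj).__name__}")
    return obj


class ReduceDemo:
    """Constructed, harmless stand-in: __reduce__ names a callable that
    pickle invokes at load time (operator.add here)."""

    def __reduce__(self):
        return (operator.add, (1, 2))


def demo():
    good = pickle.dumps(OrderedDict(step=10, lr=0.001))  # constructed state
    crafted = pickle.dumps(ReduceDemo())                 # constructed payload
    results = {"plain_load": pickle.loads(crafted)}      # callable ran on load
    results["good"] = safe_load(good)
    try:
        safe_load(crafted)
        results["crafted"] = "loaded"
    except pickle.UnpicklingError as exc:
        results["crafted"] = str(exc)                    # rejected before any call
    return results


if __name__ == "__main__":
    print(demo())
```

The plain `pickle.loads()` call returns the result of the callable named in `__reduce__`, while `safe_load()` raises in `find_class` before that callable is ever resolved.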
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Tags: RCE · Code Injection
References · 18
- https://nvd.nist.gov/vuln/detail/CVE-2025-23298 · Security Note
- https://cve.org/CVERecord?id=CVE-2025-23298 · Security Note
- https://zerodayinitiative.com/advisories/ZDI-25-833 · Security Note
- https://t.me/CyberSecurityTechnologies/12391 · Telegram Post
- https://reddit.com/r/Trendmicro/comments/1nr6a8b/cve202523298_rce_via_unsafe_torchload_in_nvidia · Reddit Post
- https://twitter.com/gothburz/status/1955734395937001620 · Twitter Post
- https://reddit.com/r/SecOpsDaily/comments/1npj9g4/secopsdaily_20250924_roundup · Reddit Post
- https://twitter.com/TheZDIBugs/status/1957539178461221105 · Twitter Post
- https://twitter.com/f1tym1/status/1970908501498048596 · Twitter Post
- https://t.me/poxek/5544 · Telegram Post
- https://reddit.com/r/SecOpsDaily/comments/1nphowy/cve202523298_getting_remote_code_execution_in · Reddit Post
- https://twitter.com/CVEnew/status/1955686446104268835 · Twitter Post
- https://t.me/purp_sec/1150 · Telegram Post
- https://twitter.com/dailytechonx/status/1971348993423610079 · Twitter Post
- https://twitter.com/thezdi/status/1970892995101671452 · Twitter Post