Product
A remote code execution vulnerability exists in Hugging Face diffusers versions prior to 0.38.0 allowing arbitrary code execution through the `custom_pipeline` flow via a `None.py` file in a Hugging Face Hub repository, bypassing trust checks.