Safety vulnerability ID: 56095
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Tensorflow-gpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41228: In affected versions, TensorFlow's 'saved_model_cli' tool is vulnerable to a code injection as it calls 'eval' on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. The issue has been patched by adding a 'safe' flag which defaults to 'True' and an explicit warning for users.
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v
https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7
Latest version: 2.12.0
Removed: please install "tensorflow" instead.
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application