CRITICAL🇵🇱 Wersja polska

CVE-2021-35958

CVSS 9.1v3.1pub. 2021-06-30upd. 2024-11-21

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Google Tensorflow

    APP
    Google
    ≤ 2.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2023-25668CRITICAL9.8ten sam produkt

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11...

CVE-2021-37678CRITICAL9.3ten sam produkt

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Ker...

CVE-2020-15202CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the...

CVE-2020-15205CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops...

CVE-2020-15206CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` pr...