CVE-2021-35958
published 2021-06-30CVE-2021-35958: TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the…
critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| tensorflow | <= 2.5.0 | — | |
| linux | linux_kernel | >= 0 < 5.4.0-214.234 | 5.4.0-214.234 |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
osv5.5MEDIUM