Lucene search
MitreCVELIST:CVE-2021-35958HistoryJun 30, 2021 - 12:12 a.m.
CVE-2021-35958
2021-06-3000:12:53
mitre
www.cve.org
3
tensorflow
file overwrite
crafted archive
tf.keras.utils.get_file
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor’s position is that tf.keras.utils.get_file is not intended for untrusted archives
References
docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall
github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/README.md
github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/utils/data_utils.py#L137
keras.io/api/
vuln.ryotak.me/advisories/52
Related
prion
prion
Code injection
2021-06-30 01:15:00
osv
osv
BIT-tensorflow-2021-35958
2024-03-06 11:17:54
cve
cve
CVE-2021-35958
2021-06-30 01:15:07
nvd
nvd
CVE-2021-35958
2021-06-30 01:15:07