Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the ResourceGraphDefinition resources. An attacker can execute arbitrary code on cluster nodes by supplying attacker-controlled images. This is only exploitable if the user has...

Unintended Proxy or Intermediary ('Confused Deputy')

Overview Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via the ResourceGraphDefinition resources. An attacker can execute arbitrary code on cluster nodes by supplying attacker-controlled images. This is only exploitable if the user has...

CVE-2022-23594

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

PT-2022-16108 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The GraphDef format in TensorFlow does not allow self recursive functions...