13 matches found
EUVD-2021-0450
Malware in sbrugna...
EUVD-2022-2924
Malicious code in bioql PyPI...
CVE-2022-29216
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...
Code injection in `saved_model_cli` in TensorFlow
Impact TensorFlow's savedmodelcli tool is vulnerable to a code injection: savedmodelcli run --inputexprs 'x=print"malicious code to run"' --dir ./ --tagset serve --signaturedef servingdefault This can be used to open a reverse shell savedmodelcli run --inputexprs 'hello=exec"""\nimport...
CVE-2022-29216
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...
Code injection
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...
CVE-2022-29216 Code injection in `saved_model_cli` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...
CVE-2022-29216
TensorFlow CVE-2022-29216 affects the saved_model_cli tool. Prior to 2.9.0 and backports to 2.8.1, 2.7.2, and 2.6.4, the tool allowed code injection via numpy expressions, potentially enabling a reverse shell. The issue stems from unsafe evaluation of input expressions; a patch removes the safe=F...
Code injection in `saved_model_cli`
Impact TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings python def preprocessinputexprsargstringinputexprsstr: ... for inputraw in filterbool, inputexprsstr.split';': ... inputkey, expr = inputraw.split'=', 1 inputdictinputkey = evalexpr...
CVE-2021-41228
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
PYSEC-2021-420
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
Code injection
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
CVE-2021-41228 Code injection in `saved_model_cli`
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...