Lucene search

Veracode Vulnerability DatabaseVERACODE:32842

HistoryNov 08, 2021 - 10:57 a.m.

Command Injection

2021-11-0810:57:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

tensorflow is vulnerable to command injection. An attacker can inject and execute malicious commands via the saved_model_cli.py when it calls the eval on user-supplied strings.

CPENameOperatorVersion
tensorflowle2.5.1
tensorflowle2.7.0rc1
tensorflowle2.4.3
tensorflowle2.6.0
tensorflow-gpueq2.7.0rc1
tensorflow-gpule2.5.1
tensorflow-gpule2.4.3
tensorflow-gpule2.6.0
tensorflow-cpule2.5.1
tensorflow-cpule2.7.0rc1

Name	Operator	Version
tensorflow	le	2.5.1
tensorflow	le	2.7.0rc1
tensorflow	le	2.4.3
tensorflow	le	2.6.0
tensorflow-gpu	eq	2.7.0rc1
tensorflow-gpu	le	2.5.1
tensorflow-gpu	le	2.4.3
tensorflow-gpu	le	2.6.0
tensorflow-cpu	le	2.5.1
tensorflow-cpu	le	2.7.0rc1

Rows per page:

1-10 of 241

References

github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7

github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:32842