Lucene search
Veracode Vulnerability DatabaseVERACODE:34147HistoryFeb 11, 2022 - 9:38 a.m.
Time-of-check To Time-of-use (TOCTOU)
2022-02-1109:38:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
time-of-check time-of-use vulnerability
tempfile
software
EPSS
0
Percentile
5.1%
tensorflow is vulnerable to time-of-check to time-of-use vulnerability. The use of tempfile.mktemp allows different process to create the file between the check for the filename in mktemp and the actual creation of the file by a subsequent operation.
References
github.com/tensorflow/tensorflow/blob/87462bfac761435a46641ff2f10ad0b6e5414a4b/tensorflow/compiler/mlir/tensorflow/tests/tf_saved_model/common_v1.py#L85
github.com/tensorflow/tensorflow/blob/c35fbff6d5748d8d0da415992d2199d878d04f6d/tensorflow/security/advisory/tfsa-2022-027.md
github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm
Related
osv
osv
CVE-2022-23563
2022-02-04 23:15:13
PYSEC-2022-127
2022-02-04 23:15:00
BIT-tensorflow-2022-23563
2024-03-06 11:15:23
cnvd
cnvd
Google Tensorflow has an unspecified vulnerability (CNVD-2022-09890)
2022-02-09 00:00:00
prion
prion
Stack overflow
2022-02-04 23:15:00
nvd
nvd
CVE-2022-23563
2022-02-04 23:15:13
github
github
Insecure temporary file in Tensorflow
2022-02-09 23:54:51
huntr
huntr
Insecure Temporary File in tensorflow/tensorflow
2022-01-05 15:29:56
cve
cve
CVE-2022-23563
2022-02-04 23:15:13
cvelist
cvelist
CVE-2022-23563 Insecure temporary file in Tensorflow
2022-02-04 22:32:38
