CVE-2021-41228

Improper Control of Generation of Code ('Code Injection') in pypi/tensorflow

Identifiers

CVE-2021-41228, GHSA-3rcw-9p9x-582v

Package Slug

pypi/tensorflow

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

TensorFlow is an open source platform for machine learning.This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a safe flag which defaults to True and an explicit warning for users.

Affected Versions

All versions starting from 2.4.0 before 2.4.4, all versions starting from 2.5.0 before 2.5.2, all versions starting from 2.6.0 before 2.6.1, version 2.7.0

Solution

Upgrade to versions 2.4.4, 2.5.2, 2.6.1 or above.

Last Modified

2021-11-11

source