Exposure of Resource to Wrong Sphere in pypi/tensorflow-cpu
Exposure of Resource to Wrong Sphere
TensorFlow allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives.
All versions up to 2.5.0
Unfortunately, there is no solution available yet.
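With no fixed version listed, one mitigation is to unpack downloaded archives yourself and refuse any archive whose members would be written outside the target directory. The sketch below is an added example, not TensorFlow code: it assumes the crafted archive relies on member paths (or links) that resolve outside the extraction directory, and the names `unsafe_members`, `safe_extract` and `build_tar` are hypothetical.

```python
import io
import os
import tarfile
import tempfile


def unsafe_members(tar, dest):
    """Names of members that are links/devices or resolve outside dest."""
    root = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(root, m.name))
        inside = os.path.commonpath([root, target]) == root
        if not inside or not (m.isfile() or m.isdir()):
            bad.append(m.name)
    return bad


def safe_extract(archive_bytes, dest):
    """Unpack a tar archive only if every member stays inside dest."""
    root = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        bad = unsafe_members(tar, root)
        if bad:  # reject the whole archive before writing anything
            raise ValueError(f"unsafe archive members: {bad}")
        for m in tar.getmembers():
            path = os.path.join(root, m.name)
            if m.isdir():
                os.makedirs(path, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as out:
                out.write(tar.extractfile(m).read())
            written.append(m.name)
    return written


def build_tar(names):
    """Constructed sample input: in-memory tar, one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 6
            tar.addfile(info, io.BytesIO(b"sample"))
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(safe_extract(build_tar(["model/weights.txt"]), d))
```

To use a check like this with tf.keras.utils.get_file, download the archive without extract=True and pass its bytes through the validation before anything is written to disk.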