CVE-2021-35958

Exposure of Resource to Wrong Sphere in pypi/tensorflow-cpu

Identifier

CVE-2021-35958

Package Slug

pypi/tensorflow-cpu

Vulnerability

Exposure of Resource to Wrong Sphere

Description

TensorFlow allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives.

Affected Versions

All versions up to 2.5.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-07-08
