CVE-2020-15197: Improper Input Validation
In TensorFlow, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has rank 2. This tensor must be a matrix because the code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of a different rank, resulting in a CHECK assertion failure and a crash. This can be used to cause denial of service in serving installations if users are allowed to control the components of the input sparse tensor.
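One way to reject malformed sparse tensor components at the serving boundary, before they reach the op. This is an added example, not TensorFlow code or part of the advisory; it assumes the components arrive as nested Python lists, the function names are hypothetical, and it goes beyond the rank check to cover the other shape constraints of a sparse tensor.

```python
# Added example: shape checks on sparse-tensor components before they reach
# a TensorFlow op. Inputs are nested Python lists, e.g. decoded from a JSON
# request body. Function names are hypothetical, not TensorFlow APIs.

def shape_of(x):
    """Shape of a nested list as a tuple; ValueError if rows differ in shape."""
    if not isinstance(x, list):
        return ()
    if not x:
        return (0,)
    inner = [shape_of(e) for e in x]
    if any(s != inner[0] for s in inner):
        raise ValueError("ragged nested list")
    return (len(x),) + inner[0]


def check_sparse(indices, values, dense_shape):
    """Return None if the components form a valid sparse tensor, else a reason."""
    try:
        i_shape, v_shape, d_shape = map(shape_of, (indices, values, dense_shape))
    except ValueError as exc:
        return str(exc)
    # The check the advisory says was missing: indices must be a matrix.
    if len(i_shape) != 2:
        return f"indices must have rank 2, got rank {len(i_shape)}"
    if len(v_shape) != 1 or len(d_shape) != 1:
        return "values and dense_shape must have rank 1"
    n, ndims = i_shape
    if v_shape[0] != n:
        return f"{n} index rows but {v_shape[0]} values"
    if d_shape[0] != ndims:
        return f"indices have {ndims} columns but dense_shape has {d_shape[0]} dims"
    if any(type(d) is not int or d < 0 for d in dense_shape):
        return "dense_shape entries must be non-negative integers"
    for row in indices:
        for idx, dim in zip(row, dense_shape):
            if type(idx) is not int or not 0 <= idx < dim:
                return f"index {idx!r} outside [0, {dim})"
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_sparse([[0, 0], [1, 2]], [5, 7], [2, 3]))      # valid
    print(check_sparse([0, 1], [5, 7], [2, 3]))                # rank-1 indices
    print(check_sparse([[[0, 0]], [[1, 2]]], [5, 7], [2, 3]))  # rank-3 indices
```

Returning a reason string lets the serving layer answer with a client error instead of forwarding the request to a process that would abort on the failed assertion.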