CVE-2020-15194: Improper Input Validation
In TensorFlow, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverse_index_map_t and grad_values_t are accessed in a similar pattern, only reverse_index_map_t is validated to be of proper shape. Hence, malicious users can pass a bad grad_values_t to trigger an assertion failure in vec, causing denial of service in serving installations.
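The validation gap described above, shown in its corrected form as an added example; this is a simplified model and not TensorFlow's own code. The Tensor and GradResult types, the Fail helper and the function name are hypothetical, and the sample inputs are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for a tensor (not TensorFlow's class): shape plus flat data.
template <typename T>
struct Tensor {
  std::vector<int64_t> shape;
  std::vector<T> data;
  bool IsVector() const {  // rank-1 check that must pass before vector-style access
    return shape.size() == 1 && shape[0] >= 0 &&
           static_cast<size_t>(shape[0]) == data.size();
  }
};

struct GradResult { bool ok; std::string error; std::vector<double> d_values; double d_default_value; };
static GradResult Fail(const std::string& msg) { return GradResult{false, msg, {}, 0.0}; }

// Validates BOTH inputs, then computes d_values[i] = grad_values[reverse_index_map[i]].
GradResult SparseFillEmptyRowsGradChecked(const Tensor<int64_t>& reverse_index_map,
                                          const Tensor<double>& grad_values) {
  GradResult r{true, "", {}, 0.0};
  if (!reverse_index_map.IsVector()) return Fail("reverse_index_map must be a vector");
  // The check the advisory reports as missing: return an error instead of asserting later.
  if (!grad_values.IsVector()) return Fail("grad_values must be a vector");
  const size_t n_full = grad_values.data.size();
  std::vector<bool> visited(n_full, false);
  for (int64_t idx : reverse_index_map.data) {
    if (idx < 0 || static_cast<size_t>(idx) >= n_full)
      return Fail("reverse_index_map entry out of range");
    r.d_values.push_back(grad_values.data[idx]);
    visited[idx] = true;
  }
  for (size_t j = 0; j < n_full; ++j)  // rows never referenced feed the default value
    if (!visited[j]) r.d_default_value += grad_values.data[j];
  return r;
}

int main() {
  Tensor<int64_t> map{{2}, {2, 0}};
  Tensor<double> bad{{3, 1}, {1.0, 2.0, 3.0}};  // constructed rank-2 grad_values
  GradResult r = SparseFillEmptyRowsGradChecked(map, bad);
  std::printf("ok=%d error=%s\n", r.ok, r.error.c_str());
}
```

A malformed grad_values is rejected with an error the caller can handle, so a serving process stays up instead of aborting on an assertion.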