CVE-2020-15199: Improper Input Validation
In TensorFlow, the RaggedCountSparseOutput op does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. The code uses this quantity to initialize a different data structure. Since BatchedMap is equivalent to a vector, it needs to have at least one element to not be nullptr. If a user passes a splits tensor that is empty or has exactly one element, we get a SIGABRT signal raised by the operating system.
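A caller-side guard for the missing check, as an added example that is not TensorFlow's code: it rejects the empty and one-element splits cases described above before the values reach the op. It also goes beyond the advisory by checking the usual row-splits invariants (starts at 0, non-decreasing, ends at the number of values). The names check_ragged_splits and rows_from_ragged are hypothetical.

```python
from typing import List, Sequence


def check_ragged_splits(splits: Sequence[int], num_values: int) -> List[str]:
    """Return the problems found; an empty list means the input is acceptable."""
    problems: List[str] = []

    # The case from the advisory: a splits tensor that is empty or has exactly
    # one element. Return early, the remaining checks index into splits.
    if len(splits) < 2:
        problems.append(
            f"splits has {len(splits)} element(s); at least 2 are required"
        )
        return problems

    # Additional invariants (beyond the advisory text): row splits start at 0,
    # never decrease, and end at the number of values.
    if splits[0] != 0:
        problems.append(f"splits must start at 0, got {splits[0]}")
    if splits[-1] != num_values:
        problems.append(
            f"last split is {splits[-1]} but there are {num_values} values"
        )
    for i in range(1, len(splits)):
        if splits[i] < splits[i - 1]:
            problems.append(f"splits decreases at index {i}")
            break
    return problems


def rows_from_ragged(values: Sequence[int], splits: Sequence[int]) -> List[list]:
    """Validate first, then slice values into rows; raise instead of crashing."""
    problems = check_ragged_splits(splits, len(values))
    if problems:
        raise ValueError("; ".join(problems))
    # len(splits) - 1 is the row count; validation guarantees it is at least 1.
    return [list(values[splits[i]:splits[i + 1]]) for i in range(len(splits) - 1)]


if __name__ == "__main__":
    # Constructed sample inputs: (values, splits)
    for values, splits in [([1, 2, 3], [0, 2, 3]), ([1, 2, 3], []), ([], [0])]:
        try:
            print(splits, "->", rows_from_ragged(values, splits))
        except ValueError as exc:
            print(splits, "-> rejected:", exc)
```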