CVE-2021-37638: NULL Pointer Dereference
(updated )
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for row_partition_types
of tf.raw_ops.RaggedTensorToTensor
API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values without validating that the provided list is not empty.
References
Detect and mitigate CVE-2021-37638 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →