CVE-2021-35958

Published June 30th, 2021

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

6.4

MEDIUM

Affected

PROJECT

Description

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives

tensorflow/tensorflow

An Open Source Machine Learning Framework for Everyone

GitHub

196K