{"data":{"id":"348483d7-8bbe-4c9d-b9ac-53ce505c6f36","title":"CVE-2022-29216: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow","summary":"TensorFlow's `saved_model_cli` tool (a utility for working with saved machine learning models) had a code injection vulnerability in versions before 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which could allow an attacker to open a reverse shell (a backdoor connection giving remote control of a system). The vulnerability existed because the tool used `eval` (a function that executes text as code) on user input for compatibility with older test cases, but since the tool requires manual operation, the practical risk was limited.","solution":"Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later. The maintainers removed the `safe=False` argument, so all parsing is now done without calling `eval`.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-29216","publishedAt":"2022-05-21T04:15:11.980Z","cveId":"CVE-2022-29216","cweIds":["CWE-94"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00134,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}