{"data":{"id":"3b7dea1c-81ad-4b94-92e5-732fc44f6a74","title":"CVE-2021-29590: TensorFlow is an end-to-end open source platform for machine learning. The implementations of the `Minimum` and `Maximum","summary":"TensorFlow (an open source machine learning platform) has a vulnerability in its `Minimum` and `Maximum` operators that can allow reading data outside the bounds of allocated memory if one of the input tensors is empty, because the broadcasting implementation (the process of making tensors compatible for operations) doesn't check whether array indexes are valid. This is a memory access bug that could expose sensitive data.","solution":"The fix will be included in TensorFlow 2.5.0 and will be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29590","publishedAt":"2021-05-15T00:15:14.817Z","cveId":"CVE-2021-29590","cweIds":["CWE-125"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00017,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}