{"data":{"id":"4505dbc9-ad26-48f6-9aaf-5b1d87c58e07","title":"CVE-2020-26269: In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing ","summary":"TensorFlow's release candidate versions 2.4.0rc* contain a vulnerability in the code that matches filesystem paths to globbing patterns (a method of searching for files using wildcards), which can cause the program to read memory outside the bounds of an array holding directory information. The vulnerability stems from missing checks on assumptions made by the parallel implementation, but this issue only affects the development version and release candidates, not the final release.","solution":"This is patched in version 2.4.0. The implementation was completely rewritten to fully specify and validate the preconditions.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-26269","publishedAt":"2020-12-11T04:15:12.910Z","cveId":"CVE-2020-26269","cweIds":["CWE-125","CWE-125"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0014,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}