{"data":{"id":"5095d67e-9614-47e0-8909-3ef91e3e155b","title":"CVE-2022-41888: TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposa","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.image.generate_bounding_box_proposals` function when running on GPU. The function fails to validate that the `scores` input has the correct rank (dimension structure), which could cause problems. This is classified as improper input validation (CWE-20, where a program doesn't properly check if data meets required specifications).","solution":"The fix is included in TensorFlow 2.11 and has been backported to versions 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these patched versions. The patch details are available in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41888","publishedAt":"2022-11-19T03:15:15.203Z","cveId":"CVE-2022-41888","cweIds":["CWE-20"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00203,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}