{"data":{"id":"59ba8f05-52e1-437c-8719-f6561e490919","title":"CVE-2021-41212: TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in its shape inference code for the `tf.ragged.cross` function that allows reading data outside the bounds of allocated memory (an out-of-bounds read, which can cause crashes or expose sensitive data). The vulnerability affects multiple versions of TensorFlow and has been patched in newer releases.","solution":"The fix is included in TensorFlow 2.7.0. For users on earlier versions, patches were also released for TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, which are still in the supported range.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-41212","publishedAt":"2021-11-06T01:15:08.877Z","cveId":"CVE-2021-41212","cweIds":["CWE-125","CWE-125"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00019,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}