{"data":{"id":"654c715e-de57-4eee-9561-91d1279b9203","title":"CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTe","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in a function called `tf.raw_ops.RaggedTensorToTensor` that fails to properly validate (check) all input arguments. An attacker can cause undefined behavior (unpredictable crashes or memory access errors) by providing empty inputs, because the code only checks that one input isn't empty while skipping checks on the others.","solution":"The fix will be included in TensorFlow 2.5.0. TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4 will also receive the fix through cherrypicked commits, as these versions are affected and still supported.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29608","publishedAt":"2021-05-15T00:15:15.803Z","cveId":"CVE-2021-29608","cweIds":["CWE-131"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00057,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}