{"data":{"id":"945a9633-bb75-4031-83f3-edb486089d0a","title":"CVE-2021-41203: TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior...","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability in which an attacker who can modify saved checkpoints (saved states of a trained model) from outside TensorFlow can cause crashes or undefined behavior (unpredictable program execution) when those checkpoints are loaded, because the checkpoint loading code does not properly validate the file format. This affects multiple versions of TensorFlow that are still supported.","solution":"The fixes will be included in TensorFlow 2.7.0. Additionally, patches will be cherry-picked (applied) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, which are also affected and still in the supported range.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-41203","publishedAt":"2021-11-06T01:15:08.613Z","cveId":"CVE-2021-41203","cweIds":["CWE-345","CWE-190"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00019,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}