{"data":{"id":"9460d741-499e-4b7c-ba7b-dce61524473b","title":"CVE-2021-41228: TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is ","summary":"TensorFlow's `saved_model_cli` tool (a command-line utility for working with machine learning models) has a code injection vulnerability because it runs `eval` on user-supplied strings, which could allow attackers to execute arbitrary code on the system. The risk is limited since the tool is only run manually by users, not automatically.","solution":"The developers patched this by adding a `safe` flag that defaults to `True` and an explicit warning for users. The fix is included in TensorFlow 2.7.0, and will also be backported (applied to older versions still being supported) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-41228","publishedAt":"2021-11-06T03:15:08.663Z","cveId":"CVE-2021-41228","cweIds":["CWE-78","CWE-94"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0004,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242","CAPEC-88"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}