{"data":{"id":"a4809043-5a79-4d62-9b4a-7b2a9757e137","title":"CVE-2021-29515: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixDiag*` operations(ht","summary":"TensorFlow (an open-source machine learning platform) has a vulnerability in its `MatrixDiag*` operations (functions that create diagonal matrices from tensor data) because the code doesn't check whether the input tensors are empty, which could cause the program to crash or behave unexpectedly. This bug affects multiple versions of TensorFlow.","solution":"The fix will be included in TensorFlow 2.5.0. It will also be backported (added to earlier versions still being supported) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29515","publishedAt":"2021-05-15T00:15:11.300Z","cveId":"CVE-2021-29515","cweIds":["CWE-476"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00017,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}