{"data":{"id":"a775264a-e63b-4c09-a1fd-afc5b4fc47ec","title":"CVE-2021-41208: TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlo","summary":"TensorFlow's boosted trees code (a machine learning feature for building multiple decision trees together) lacks proper input validation, allowing attackers to crash the system (denial of service, where a service becomes unavailable), read sensitive data from memory, or write malicious data to memory buffers. The TensorFlow developers recommend stopping use of these APIs since the boosted trees code is no longer actively maintained.","solution":"The fix will be included in TensorFlow 2.7.0. Security patches will also be backported to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-41208","publishedAt":"2021-11-06T02:15:08.533Z","cveId":"CVE-2021-41208","cweIds":["CWE-476","CWE-824","CWE-476"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["denial_of_service","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00012,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}