{"data":{"id":"d7e8e017-35f9-4ae9-aa6a-0594dcd936c2","title":"CVE-2020-15206: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buf","summary":"A vulnerability in TensorFlow (a machine learning framework) before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 allows attackers to crash systems or corrupt data by modifying a SavedModel (TensorFlow's format for storing trained models). This can disable services that use TensorFlow to run AI models for predictions.","solution":"Update TensorFlow to version 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1 or later, which include the patch from commit adf095206f25471e864a8e63a0f1caef53a0e3a6.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-15206","publishedAt":"2020-09-25T23:15:15.917Z","cveId":"CVE-2020-15206","cweIds":["CWE-20"],"cvssScore":"9","cvssSeverity":"critical","severity":"critical","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow","tensorflow-serving"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00472,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}