AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29513: TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric

lowvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29513

Summary

TensorFlow, a machine learning platform, has a vulnerability where operations that expect numeric tensors (data types representing numbers) crash when given non-numeric tensors instead, due to a type confusion bug (mixing up data types) in the conversion from Python code to C++ code. The developers have fixed this issue and will release it in multiple versions.

Solution / Mitigation

The fix will be included in TensorFlow 2.5.0. The fix will also be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

Vulnerability Details

CVSS Score

2.5(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476 CWE-476 CWE-843

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29513

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 95%