GSD-2021-41228
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-41228",
"description": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
"id": "GSD-2021-41228",
"references": [
"https://www.suse.com/security/cve/CVE-2021-41228.html",
"https://security.archlinux.org/CVE-2021-41228"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-41228"
],
"details": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
"id": "GSD-2021-41228",
"modified": "2023-12-13T01:23:27.417831Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41228",
"STATE": "PUBLIC",
"TITLE": "Code injection in `saved_model_cli`"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.6.0, \u003c 2.6.1"
},
{
"version_value": "\u003e= 2.5.0, \u003c 2.5.2"
},
{
"version_value": "\u003c 2.4.4"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
}
]
},
"source": {
"advisory": "GHSA-3rcw-9p9x-582v",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=2.5.0,\u003c2.5.2||\u003c2.4.4||\u003e=2.6.0,\u003c2.6.1",
"affected_versions": "All versions starting from 2.5.0 before 2.5.2, all versions before 2.4.4, all versions starting from 2.6.0 before 2.6.1",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2021-11-10",
"description": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
"fixed_versions": [
"2.5.2",
"2.6.1"
],
"identifier": "CVE-2021-41228",
"identifiers": [
"GHSA-3rcw-9p9x-582v",
"CVE-2021-41228"
],
"not_impacted": "All versions before 2.5.0, all versions starting from 2.4.4 before 2.6.0, all versions starting from 2.6.1",
"package_slug": "pypi/tensorflow-cpu",
"pubdate": "2021-11-10",
"solution": "Upgrade to versions 2.5.2, 2.6.1 or above.",
"title": "Improper Control of Generation of Code ",
"urls": [
"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v",
"https://nvd.nist.gov/vuln/detail/CVE-2021-41228",
"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
"https://github.com/advisories/GHSA-3rcw-9p9x-582v"
],
"uuid": "3efb6d19-60ec-4c89-ac8a-a0f3e6b654f9"
},
{
"affected_range": "\u003e=2.5.0,\u003c2.5.2||\u003c2.4.4||\u003e=2.6.0,\u003c2.6.1",
"affected_versions": "All versions starting from 2.5.0 before 2.5.2, all versions before 2.4.4, all versions starting from 2.6.0 before 2.6.1",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2021-11-10",
"description": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.",
"fixed_versions": [
"2.5.2",
"2.6.1"
],
"identifier": "CVE-2021-41228",
"identifiers": [
"GHSA-3rcw-9p9x-582v",
"CVE-2021-41228"
],
"not_impacted": "All versions before 2.5.0, all versions starting from 2.4.4 before 2.6.0, all versions starting from 2.6.1",
"package_slug": "pypi/tensorflow-gpu",
"pubdate": "2021-11-10",
"solution": "Upgrade to versions 2.5.2, 2.6.1 or above.",
"title": "Improper Control of Generation of Code ",
"urls": [
"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v",
"https://nvd.nist.gov/vuln/detail/CVE-2021-41228",
"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
"https://github.com/advisories/GHSA-3rcw-9p9x-582v"
],
"uuid": "ecc11f6d-ce4f-4ecf-b801-22a51453e9d9"
},
{
"affected_range": "\u003e=2.4.0,\u003c2.4.4||\u003e=2.5.0,\u003c2.5.2||\u003e=2.6.0,\u003c2.6.1||==2.7.0",
"affected_versions": "All versions starting from 2.4.0 before 2.4.4, all versions starting from 2.5.0 before 2.5.2, all versions starting from 2.6.0 before 2.6.1, version 2.7.0",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2022-10-20",
"description": "TensorFlow is an open source platform for machine learning.This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users.",
"fixed_versions": [
"2.4.4",
"2.5.2",
"2.6.1",
"2.7.1"
],
"identifier": "CVE-2021-41228",
"identifiers": [
"CVE-2021-41228",
"GHSA-3rcw-9p9x-582v"
],
"not_impacted": "All versions before 2.4.0, all versions starting from 2.4.4 before 2.5.0, all versions starting from 2.5.2 before 2.6.0, all versions starting from 2.6.1 before 2.7.0, all versions after 2.7.0",
"package_slug": "pypi/tensorflow",
"pubdate": "2021-11-05",
"solution": "Upgrade to versions 2.4.4, 2.5.2, 2.6.1, 2.7.1 or above.",
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-41228",
"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v"
],
"uuid": "9955e280-439c-4076-b51e-535443c01f14"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.1",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.2",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.4",
"versionStartIncluding": "2.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41228"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. In affected versions TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-10-20T21:25Z",
"publishedDate": "2021-11-05T23:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…