Google » Tensorflow : Security Vulnerabilities, CVEs, Published In 2021 (Directory traversal)
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives
Max CVSS
9.1
EPSS Score
0.19%
Published
2021-06-30
Updated
2024-04-11
1 vulnerabilities found