Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-35958 - log back

CVE-2021-35958 edited at 30 Jun 2021 08:30:25

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Arbitrary file overwrite

Description

+	DISPUTED TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives.

References

+	https://vuln.ryotak.me/advisories/52
+	https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall

Notes

CVE-2021-35958 created at 30 Jun 2021 08:28:41