CVE-2021-35958 - log

CVE-2021-35958 edited at 30 Jun 2021 08:30:25
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary file overwrite
Description
+ ** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives.
References
+ https://vuln.ryotak.me/advisories/52
+ https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall
Notes
CVE-2021-35958 created at 30 Jun 2021 08:28:41