CVE-2021-41213 log

Severity Medium
Remote No
Type Denial of service
In TensorFlow before version 2.6.1, the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive tf.function, although this is not a frequent scenario.
Group Package Affected Fixed Severity Status Ticket
AVG-2529 tensorflow 2.6.0-6 2.6.1-1 High Fixed