CVE-2021-41213 - log

CVE-2021-41213 created at 06 Nov 2021 00:17:06
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.1, the code behind the tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by getting users to load such a model and call a recursive tf.function, although this is not a frequent scenario.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf
+ https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7
Notes
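
The locking pattern named in the description, as an added example in plain Python (not TensorFlow code and not part of the original entry): two mutually recursive functions run under one shared lock, once with threading.Lock and once with threading.RLock. The names make_guard, build_pair, run and WouldDeadlock are hypothetical, and a short acquire timeout is used so the non-reentrant case is reported instead of hanging.

```python
import functools
import threading


class WouldDeadlock(RuntimeError):
    """Raised instead of blocking forever when a nested acquire cannot succeed."""


def make_guard(lock, timeout=0.2):
    """Return a decorator that runs the wrapped function while holding `lock`.

    Assumption: a simplified stand-in for a wrapper that serializes calls
    with a single shared lock. It is not the tf.function implementation.
    """
    def guard(fn):
        @functools.wraps(fn)
        def wrapper(*args):
            # With a plain Lock, a second acquire from the same thread never
            # succeeds; the timeout turns that hang into a visible error.
            if not lock.acquire(timeout=timeout):
                raise WouldDeadlock(f"{fn.__name__}: lock is held by the caller")
            try:
                return fn(*args)
            finally:
                lock.release()
        return wrapper
    return guard


def build_pair(lock):
    """Create two mutually recursive functions guarded by the same lock."""
    guard = make_guard(lock)

    @guard
    def is_even(n):
        return True if n == 0 else is_odd(n - 1)

    @guard
    def is_odd(n):
        return False if n == 0 else is_even(n - 1)

    return is_even, is_odd


def run(lock_factory, n=4):
    """Call is_even(n) under a fresh lock; return its result or 'deadlock'."""
    is_even, _ = build_pair(lock_factory())
    try:
        return is_even(n)
    except WouldDeadlock:
        return "deadlock"
```

run(threading.Lock) returns "deadlock" on the first nested call, while run(threading.RLock) completes because the owning thread may re-acquire a reentrant lock.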