CVE-2021-41215 - log back

CVE-2021-41215 created at 06 Nov 2021 00:15:16
Severity
+ Medium
Remote
+ Local
Type
+ Incorrect calculation
Description
+ In TensorFlow before version 2.6.1, the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serialize_sparse tensor is a tensor with positive rank (and having 3 as the last dimension).
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r
+ https://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850
Notes