CVE-2021-41227 - log back

CVE-2021-41227 created at 06 Nov 2021 00:14:30
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ In TensorFlow before version 2.6.1, the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7
+ https://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585
+ https://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b
Notes