---

CVE-2021-41228 - log back

CVE-2021-41228 created at 06 Nov 2021 00:17:23
Severity	+ High
Remote	+ Local
Type	+ Arbitrary code execution
Description	+ In TensorFlow before version 2.6.1, TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. This was patched by adding a safe flag which defaults to True and an explicit warning for users.
References	+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v + https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7
Notes