mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
769 B
769 B
CVE-2021-35958
Description
** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives.
POC
Reference
No PoCs from references.