TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.GetSessionTensor
does not fully validate the input arguments. This results in a CHECK
-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
{ "cpes": [ "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:google:tensorflow:2.9.0:rc2:*:*:*:*:*:*" ], "severity": "Medium" }