// For flags

CVE-2021-41228

Code injection in `saved_model_cli`

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

TensorFlow es una plataforma de código abierto para el aprendizaje automático. En las versiones afectadas, la herramienta "saved_model_cli" de TensorFlow es vulnerable a una inyección de código ya que llama a "eval" sobre cadenas suministradas por el usuario. Esto puede ser usado por atacantes para ejecutar código arbitrario en la plataforma donde es ejecutada la herramienta CLI. Sin embargo, dado que la herramienta siempre es ejecutada manualmente, el impacto de esto no es grave. Hemos corregido esto añadiendo una bandera "safe" que por defecto es "True" y una advertencia explícita para usuarios. La corrección será incluida en TensorFlow versión 2.7.0. También seleccionaremos este commit en TensorFlow versión 2.6.1, TensorFlow versión 2.5.2, y TensorFlow versión 2.4.4, ya que estos también se ven afectados y todavía están en el rango admitido

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-09-15 CVE Reserved
  • 2021-11-05 CVE Published
  • 2023-07-11 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Google
Search vendor "Google"
 Tensorflow
Search vendor "Google" for product "Tensorflow"
 >= 2.4.0 < 2.4.4
Search vendor "Google" for product "Tensorflow" and version " >= 2.4.0 < 2.4.4"
-
Affected
Google
Search vendor "Google"
 Tensorflow
Search vendor "Google" for product "Tensorflow"
 >= 2.5.0 < 2.5.2
Search vendor "Google" for product "Tensorflow" and version " >= 2.5.0 < 2.5.2"
-
Affected
Google
Search vendor "Google"
 Tensorflow
Search vendor "Google" for product "Tensorflow"
 >= 2.6.0 < 2.6.1
Search vendor "Google" for product "Tensorflow" and version " >= 2.6.0 < 2.6.1"
-
Affected
Google
Search vendor "Google"
 Tensorflow
Search vendor "Google" for product "Tensorflow"
 2.7.0
Search vendor "Google" for product "Tensorflow" and version "2.7.0"
rc0
Affected
Google
Search vendor "Google"
 Tensorflow
Search vendor "Google" for product "Tensorflow"
 2.7.0
Search vendor "Google" for product "Tensorflow" and version "2.7.0"
rc1
Affected