JFrog Security Research

XRAY-189178 - TensorFlow Python code injection

CVE-2021-41228 | CVSS 7.8

JFrog Severity:high

Published 16 Nov. 2021 | Last updated 16 Nov. 2021

Insufficient input validation in TensorFlow allows an attacker to perform Python code injection when processing a malicious command line argument


TensorFlow [2.4.0, 2.4.4), fixed in 2.4.4

TensorFlow [2.5.0 ,2.5.2), fixed in 2.5.2

TensorFlow [2.6.0, 2.6.1), fixed in 2.6.1

TensorFlow is a popular Machine Learning platform that's well-known and widely used in the industry.

A code injection issue has been found in one of the tools shipped with TensorFlow, called saved_model_cli. This tool is used to save a ML model's state.

An attacker that can control the contents of the --input_examples argument, can provide a malicious input that runs arbitrary Python code, since the argument flows directly into eval().

No PoC is supplied for this issue

Remove the saved_model_cli tool from your image

(JFrog) New code injection vulnerability discovered in TensorFlow