Insufficient input validation in TensorFlow allows an attacker to perform Python code injection when processing a malicious command line argument
TensorFlow [2.4.0, 2.4.4), fixed in 2.4.4
TensorFlow [2.5.0 ,2.5.2), fixed in 2.5.2
TensorFlow [2.6.0, 2.6.1), fixed in 2.6.1
TensorFlow is a popular Machine Learning platform that's well-known and widely used in the industry.
A code injection issue has been found in one of the tools shipped with TensorFlow, called
saved_model_cli. This tool is used to save a ML model's state.
An attacker that can control the contents of the
--input_examples argument, can provide a malicious input that runs arbitrary Python code, since the argument flows directly into
No PoC is supplied for this issue
saved_model_cli tool from your image