2021-06-30 00:12:53
mitre
PUBLISHED
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendors position is that tf.keras.utils.get_file is not intended for untrusted archives