CWE-475
AllowedUndefined Behavior for Input to API
Abstraction: Base · Status: Incomplete
The behavior of this function is undefined unless its control parameter is set to a specific value.
30 vulnerabilities reference this CWE, most recent first.
CVE-2022-29207 (GCVE-0-2022-29207)
Vulnerability from cvelistv5 – Published: 2022-05-20 22:10 – Updated: 2025-04-22 17:58| URL | Tags |
|---|---|
| https://github.com/tensorflow/tensorflow/releases… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/releases… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/releases… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/releases… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/security… | x_refsource_CONFIRM |
| https://github.com/tensorflow/tensorflow/commit/a… | x_refsource_MISC |
| https://github.com/tensorflow/tensorflow/commit/d… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.6.4
Affected: >= 2.7.0rc0, < 2.7.2 Affected: >= 2.8.0rc0, < 2.8.1 Affected: >= 2.9.0rc0, < 2.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:47:06.682002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:58:48.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.6.4"
},
{
"status": "affected",
"version": "\u003e= 2.7.0rc0, \u003c 2.7.2"
},
{
"status": "affected",
"version": "\u003e= 2.8.0rc0, \u003c 2.8.1"
},
{
"status": "affected",
"version": "\u003e= 2.9.0rc0, \u003c 2.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-475",
"description": "CWE-475: Undefined Behavior for Input to API",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-20T22:10:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498"
}
],
"source": {
"advisory": "GHSA-5wpj-c6f7-24x8",
"discovery": "UNKNOWN"
},
"title": "Undefined behavior when users supply invalid resource handles in TensorFlow",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29207",
"STATE": "PUBLIC",
"TITLE": "Undefined behavior when users supply invalid resource handles in TensorFlow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tensorflow",
"version": {
"version_data": [
{
"version_value": "\u003c 2.6.4"
},
{
"version_value": "\u003e= 2.7.0rc0, \u003c 2.7.2"
},
{
"version_value": "\u003e= 2.8.0rc0, \u003c 2.8.1"
},
{
"version_value": "\u003e= 2.9.0rc0, \u003c 2.9.0"
}
]
}
}
]
},
"vendor_name": "tensorflow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-475: Undefined Behavior for Input to API"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
},
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
},
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
},
{
"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
},
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8",
"refsource": "CONFIRM",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498",
"refsource": "MISC",
"url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498"
}
]
},
"source": {
"advisory": "GHSA-5wpj-c6f7-24x8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29207",
"datePublished": "2022-05-20T22:10:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:58:48.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7925 (GCVE-0-2020-7925)
Vulnerability from cvelistv5 – Published: 2020-11-23 14:50 – Updated: 2024-09-17 00:20- CWE-475 - Undefined Behavior for Input to API
| URL | Tags |
|---|---|
| https://jira.mongodb.org/browse/SERVER-49142 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Server |
Affected:
4.2 , < 4.2.9
(custom)
Affected: 4.4 , < 4.4.0-rc12 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:23.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/SERVER-49142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Server",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThan": "4.2.9",
"status": "affected",
"version": "4.2",
"versionType": "custom"
},
{
"lessThan": "4.4.0-rc12",
"status": "affected",
"version": "4.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.\u003c/p\u003e"
}
],
"value": "Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-475",
"description": "CWE-475 Undefined Behavior for Input to API",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T15:38:49.622Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.mongodb.org/browse/SERVER-49142"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Denial of Service when processing malformed Role names",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2020-11-30T14:00:00.000Z",
"ID": "CVE-2020-7925",
"STATE": "PUBLIC",
"TITLE": "Denial of Service when processing malformed Role names"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MongoDB Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.9"
},
{
"version_affected": "\u003c",
"version_name": "4.4",
"version_value": "4.4.0-rc12"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-475 Undefined Behavior for Input to API"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/SERVER-49142",
"refsource": "CONFIRM",
"url": "https://jira.mongodb.org/browse/SERVER-49142"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2020-7925",
"datePublished": "2020-11-23T14:50:12.258Z",
"dateReserved": "2020-01-23T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:20:32.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-5WPJ-C6F7-24X8
Vulnerability from github – Published: 2022-05-24 22:13 – Updated: 2022-05-24 22:13Impact
Multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid:
import tensorflow as tf
tf.raw_ops.QueueIsClosedV2(handle=[])
import tensorflow as tf
tf.summary.flush(writer=())
In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior.
Patches
We have patched the issue in GitHub commit a5b89cd68c02329d793356bda85d079e9e69b4e7 and GitHub commit dbdd98c37bc25249e8f288bd30d01e118a7b4498.
The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Hong Jin from Singapore Management University.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29207"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-475"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-24T22:13:59Z",
"nvd_published_at": "2022-05-20T22:16:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nMultiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid:\n\n```python\nimport tensorflow as tf\n\ntf.raw_ops.QueueIsClosedV2(handle=[])\n```\n\n```python\nimport tensorflow as tf\n\ntf.summary.flush(writer=())\n```\n \nIn graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior.\n\n### Patches\nWe have patched the issue in GitHub commit [a5b89cd68c02329d793356bda85d079e9e69b4e7](https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7) and GitHub commit [dbdd98c37bc25249e8f288bd30d01e118a7b4498](https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498).\n\nThe fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Hong Jin from Singapore Management University.",
"id": "GHSA-5wpj-c6f7-24x8",
"modified": "2022-05-24T22:13:59Z",
"published": "2022-05-24T22:13:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5wpj-c6f7-24x8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29207"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/a5b89cd68c02329d793356bda85d079e9e69b4e7"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/dbdd98c37bc25249e8f288bd30d01e118a7b4498"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Undefined behavior when users supply invalid resource handles"
}
GHSA-7R2W-R4FG-R27H
Vulnerability from github – Published: 2025-06-17 18:31 – Updated: 2025-06-17 18:31An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
{
"affected": [],
"aliases": [
"CVE-2025-47866"
],
"database_specific": {
"cwe_ids": [
"CWE-434",
"CWE-475"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-17T18:15:26Z",
"severity": "MODERATE"
},
"details": "An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.",
"id": "GHSA-7r2w-r4fg-r27h",
"modified": "2025-06-17T18:31:37Z",
"published": "2025-06-17T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47866"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/en-US/solution/KA-0019355"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-296"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7XMC-VHJP-QV5Q
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 20:37A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "gradio"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"last_affected": "5.0.0b2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-10569"
],
"database_specific": {
"cwe_ids": [
"CWE-475"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-20T20:37:28Z",
"nvd_published_at": "2025-03-20T10:15:17Z",
"severity": "HIGH"
},
"details": "A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip bomb, leading to a server crash and causing a denial of service.",
"id": "GHSA-7xmc-vhjp-qv5q",
"modified": "2025-03-20T20:37:28Z",
"published": "2025-03-20T12:32:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10569"
},
{
"type": "PACKAGE",
"url": "https://github.com/gradio-app/gradio"
},
{
"type": "WEB",
"url": "https://github.com/gradio-app/gradio/blob/98cbcaef827de7267462ccba180c7b2ffb1e825d/gradio/components/dataframe.py#L263"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/7192bcbb-08a3-4d22-a321-9c6d19dbfc74"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Gradio Vulnerable to Denial of Service (DoS) via Crafted Zip Bomb"
}
GHSA-8F8Q-Q2J7-7J2M
Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2024-10-11 16:31A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mlflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-3099"
],
"database_specific": {
"cwe_ids": [
"CWE-475"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-06T22:38:43Z",
"nvd_published_at": "2024-06-06T19:15:59Z",
"severity": "MODERATE"
},
"details": "A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts.",
"id": "GHSA-8f8q-q2j7-7j2m",
"modified": "2024-10-11T16:31:58Z",
"published": "2024-06-06T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3099"
},
{
"type": "PACKAGE",
"url": "https://github.com/mlflow/mlflow"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/8d96374a-ce8d-480e-9cb0-0a7e5165c24a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Undefined Behavior in mlflow"
}
GHSA-93PV-VHRF-WV64
Vulnerability from github – Published: 2026-05-12 15:31 – Updated: 2026-06-30 03:36Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.
{
"affected": [],
"aliases": [
"CVE-2026-8391"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-475"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-12T14:17:12Z",
"severity": "MODERATE"
},
"details": "Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.",
"id": "GHSA-93pv-vhrf-wv64",
"modified": "2026-06-30T03:36:39Z",
"published": "2026-05-12T15:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8391"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-47"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-45"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8391.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476475"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038575"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-8391"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27715"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26630"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26629"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26606"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26551"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26539"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26536"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26521"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26493"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26492"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26491"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26270"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26269"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26268"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26174"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22643"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22325"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21382"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21381"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21380"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21378"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9GX7-G5HV-XJJJ
Vulnerability from github – Published: 2026-05-18 15:30 – Updated: 2026-07-07 21:31A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-42009"
],
"database_specific": {
"cwe_ids": [
"CWE-475"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-18T13:16:32Z",
"severity": "HIGH"
},
"details": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
"id": "GHSA-9gx7-g5hv-xjjj",
"modified": "2026-07-07T21:31:24Z",
"published": "2026-05-18T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42009"
},
{
"type": "WEB",
"url": "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42009.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467279"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-42009"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36004"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34788"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34764"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34372"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33125"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:32962"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30850"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30004"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29794"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26409"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26319"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20613"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20612"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20611"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13274"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FWWC-F8HW-QFWF
Vulnerability from github – Published: 2023-09-09 15:30 – Updated: 2024-04-04 07:34Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12
{
"affected": [],
"aliases": [
"CVE-2023-4875"
],
"database_specific": {
"cwe_ids": [
"CWE-475",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-09T15:15:35Z",
"severity": "MODERATE"
},
"details": "Null pointer dereference when composing from a specially crafted draft message in Mutt \u003e1.5.2 \u003c2.2.12",
"id": "GHSA-fwwc-f8hw-qfwf",
"modified": "2024-04-04T07:34:31Z",
"published": "2023-09-09T15:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4875"
},
{
"type": "WEB",
"url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch"
},
{
"type": "WEB",
"url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5494"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/09/26/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-GV26-QW3H-8QVP
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 17:30An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/details interface to retrieve the first admin (owner) details.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "open-webui"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-7046"
],
"database_specific": {
"cwe_ids": [
"CWE-475",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T17:30:48Z",
"nvd_published_at": "2025-03-20T10:15:36Z",
"severity": "MODERATE"
},
"details": "An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/details interface to retrieve the first admin (owner) details.",
"id": "GHSA-gv26-qw3h-8qvp",
"modified": "2025-03-21T17:30:48Z",
"published": "2025-03-20T12:32:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7046"
},
{
"type": "PACKAGE",
"url": "https://github.com/open-webui/open-webui"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/684185e4-6766-4638-b08a-0de9c2820aee"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Open WebUI Allows Viewing of Admin Details"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.