Skip to main content

Improper Control of Generation of Code ('Code Injection')


Severity High
Score 7.8/10


TensorFlow is an open-source platform for machine learning. In version 2.4.4 ,2.5.2 through 2.5.3, 2.6.1 through 2.6.3, 2.7.0 through 2.7.1 and 2.8.0rc0 through 2.8.0 TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0rc0, 2.8.1, 2.7.2, and 2.6.4. This issue exists due to an incomplete fix of CVE-2021-41228.

  • LOW
  • HIGH
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-94 - Code Injection

Code injection is a type of vulnerability that allows an attacker to execute arbitrary code. This vulnerability fully compromises the machine and can cause a wide variety of security issues, such as unauthorized access to sensitive information, manipulation of data, denial of service attacks etc. Code injection is different from command injection in the fact that it is limited by the functionality of the injected language (e.g. PHP), as opposed to command injection, which leverages existing code to execute commands, usually within the context of a shell.

Advisory Timeline

  • Published