✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
mend-bolt-for-github (bot) changed the title from "CVE-2022-29213 (Medium) detected in tensorflow-2.6.3-cp37-cp37m-manylinux2010_x86_64.whl" to "CVE-2022-29213 (Medium) detected in tensorflow-2.6.3-cp37-cp37m-manylinux2010_x86_64.whl - autoclosed" on Jul 20, 2022
CVE-2022-29213 - Medium Severity Vulnerability
Vulnerable Library - tensorflow-2.6.3-cp37-cp37m-manylinux2010_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/73/a3/142f73d0e076f5582fd8da29c68af0413bf529933eed09f86a8857fab0d6/tensorflow-2.6.3-cp37-cp37m-manylinux2010_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 977293e8b3e6b1a0183210a2c32c01f32c53dd6c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain conditions can result in crashes (due to CHECK-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Publish Date: 2022-05-21
URL: CVE-2022-29213
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29213
Release Date: 2022-05-21
Fix Resolution: tensorflow - 2.6.4,2.7.2,2.8.1,2.9.0;tensorflow-cpu - 2.6.4,2.7.2,2.8.1,2.9.0;tensorflow-gpu - 2.6.4,2.7.2,2.8.1,2.9.0