| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.1.4 | 2.1.4 |
| tensorflow | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-cpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-cpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-cpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-cpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
| tensorflow-gpu | pip | < 2.1.4 | 2.1.4 |
| tensorflow-gpu | pip | >= 2.2.0, < 2.2.3 | 2.2.3 |
| tensorflow-gpu | pip | >= 2.3.0, < 2.3.3 | 2.3.3 |
| tensorflow-gpu | pip | >= 2.4.0, < 2.4.2 | 2.4.2 |
The vulnerability stems from the `Prepare` function in the SVDF operator implementation. The code evaluates `TF_LITE_ENSURE_EQ(context, num_filters % rank, 0)` without first ensuring `rank != 0`, so a `rank` of 0 is used as the divisor of the modulo. The patch adds a `TF_LITE_ENSURE(context, rank != 0)` check immediately before this line, confirming this was the vulnerable location. The function's role in parameter validation and its direct involvement in the division operation make this a high-confidence identification.
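The check ordering described above, as an added C sketch that is not TensorFlow's own code: the `Status` and `Context` types, the two function names, and the local macro definitions are simplified stand-ins assumed for illustration, and the sample parameters are constructed.

```c
#include <stdio.h>

/* Simplified stand-ins for the TFLite status type, context and ENSURE
 * macros (assumptions for this sketch, not the real definitions). */
typedef enum { kOk = 0, kError = 1 } Status;
typedef struct { const char *last_error; } Context;

#define TF_LITE_ENSURE(ctx, cond) \
  do { if (!(cond)) { (ctx)->last_error = #cond; return kError; } } while (0)
#define TF_LITE_ENSURE_EQ(ctx, a, b) \
  do { if ((a) != (b)) { (ctx)->last_error = #a " != " #b; return kError; } } while (0)

/* Before the fix: with rank == 0 the modulo is undefined behaviour in C
 * (typically a SIGFPE on x86), so the "validation" itself crashes. */
Status prepare_vulnerable(Context *ctx, int num_filters, int rank) {
  TF_LITE_ENSURE_EQ(ctx, num_filters % rank, 0);
  return kOk;
}

/* After the fix: rank == 0 is rejected before it is used as a divisor. */
Status prepare_patched(Context *ctx, int num_filters, int rank) {
  TF_LITE_ENSURE(ctx, rank != 0);
  TF_LITE_ENSURE_EQ(ctx, num_filters % rank, 0);
  return kOk;
}

int main(void) {
  /* Constructed sample parameters: {num_filters, rank}. */
  int cases[][2] = { {4, 2}, {4, 3}, {4, 0} };
  for (int i = 0; i < 3; i++) {
    Context ctx = { NULL };
    Status s = prepare_patched(&ctx, cases[i][0], cases[i][1]);
    if (s == kOk)
      printf("num_filters=%d rank=%d -> ok\n", cases[i][0], cases[i][1]);
    else
      printf("num_filters=%d rank=%d -> rejected (%s)\n",
             cases[i][0], cases[i][1], ctx.last_error);
  }
  return 0;
}
```

`main` exercises only the patched function; `prepare_vulnerable` is shown for comparison and is safe to call only with a non-zero `rank`.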