| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | >= 2.6.0, < 2.6.1 | 2.6.1 |
| tensorflow | pip | >= 2.5.0, < 2.5.2 | 2.5.2 |
| tensorflow | pip | < 2.4.4 | 2.4.4 |
| tensorflow-cpu | pip | >= 2.6.0, < 2.6.1 | 2.6.1 |
| tensorflow-cpu | pip | >= 2.5.0, < 2.5.2 | 2.5.2 |
| tensorflow-cpu | pip | < 2.4.4 | 2.4.4 |
| tensorflow-gpu | pip | >= 2.6.0, < 2.6.1 | 2.6.1 |
| tensorflow-gpu | pip | >= 2.5.0, < 2.5.2 | 2.5.2 |
| tensorflow-gpu | pip | < 2.4.4 | 2.4.4 |

The vulnerability stems from missing validation in TensorFlow's 3D pooling kernel (`pooling_ops_3d.cc`). The commit diff shows that the fix added validation to the `Pooling3DOp` constructor to check that all `ksize` dimensions are greater than 0. Because the MaxPooling3D and AvgPooling3D layers both use this kernel, their underlying C++ operations (`MaxPool3D` and `AvgPool3D`) are vulnerable. The Python layer functions (`nn_ops.max_pool3d` / `nn_ops.avg_pool3d`) act as entry points, but the core issue resides in the unvalidated C++ kernel code.
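
To check pinned dependencies against the affected ranges in the table above, the following is an added example, not code from the advisory or from TensorFlow. The function names and the sample pins are constructed for illustration; only exact `==` pins are evaluated.

```python
import re

# Ranges copied from the advisory table as (introduced, first_patched).
# introduced=None means every release below first_patched is affected.
VULNERABLE_RANGES = [
    ((2, 6, 0), (2, 6, 1)),
    ((2, 5, 0), (2, 5, 2)),
    (None, (2, 4, 4)),
]
AFFECTED_PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}

# Constructed sample pins, not taken from any real project.
SAMPLE_REQUIREMENTS = [
    "tensorflow==2.5.1",
    "tensorflow-gpu==2.6.1",
    "numpy==1.19.5",
    "tensorflow_cpu==2.3.0  # legacy service",
]

def parse_version(text):
    """Return the leading X.Y.Z as an int tuple; rc/dev suffixes are ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def first_patched(package, version):
    """Return the first patched version if the pin is vulnerable, else None."""
    if package.lower().replace("_", "-") not in AFFECTED_PACKAGES:
        return None
    v = parse_version(version)
    for introduced, patched in VULNERABLE_RANGES:
        if (introduced is None or v >= introduced) and v < patched:
            return ".".join(map(str, patched))
    return None

def audit_requirements(lines):
    """Scan 'name==version' pins; return {name: (pinned, first_patched)}."""
    findings = {}
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if "==" not in line:
            continue  # ranges and unpinned entries need a resolver to judge
        name, version = (part.strip() for part in line.split("==", 1))
        fix = first_patched(name, version)
        if fix:
            findings[name] = (version, fix)
    return findings

if __name__ == "__main__":
    print(audit_requirements(SAMPLE_REQUIREMENTS))
```

Because suffixes are ignored, a pre-release pin such as a release candidate is judged as its final release number, so confirm those pins by hand.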