-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PythonPythonMiggo AIRoot Cause AnalysisThe vulnerability stems from the unvalidated 'ragged_rank' parameter in the _constant_value function. The commit bd4d558 explicitly adds a check comparing 'ragged_rank' against 'max_depth' (input nesting depth) to prevent invalid configurations. Prior to this fix, the absence of this validation allowed attackers to trigger a memory exhaustion DoS by providing a 'ragged_rank' exceeding the input's actual nesting depth. The function is directly referenced in the vulnerability description and commit diff, confirming its role.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tensorflow | pip | < 2.6.4 | 2.6.4 |
| tensorflow | pip | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-cpu | pip | < 2.6.4 | 2.6.4 |
| tensorflow-cpu | pip | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow-cpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
| tensorflow-gpu | pip | < 2.6.4 | 2.6.4 |
| tensorflow-gpu | pip | >= 2.7.0, < 2.7.2 | 2.7.2 |
| tensorflow-gpu | pip | >= 2.8.0, < 2.8.1 | 2.8.1 |
Ongoing coverage of React2Shell