{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T14:59:37.251","vulnerabilities":[{"cve":{"id":"CVE-2021-41201","sourceIdentifier":"security-advisories@github.com","published":"2021-11-05T20:15:08.097","lastModified":"2024-11-21T06:25:45.507","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to `true` and never assigns `false`. This results in unitialized variable access if callers assume that `EinsumHelper::ParseEquation()` always sets these flags. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."},{"lang":"es","value":"TensorFlow es una plataforma de código abierto para el aprendizaje automático. En las versiones anteriores, durante la ejecución, \"EinsumHelper::ParseEquation()\" se supone que establece las banderas en el vector \"input_has_ellipsis\" y el booleano \"*output_has_ellipsis\" para indicar si se presenta elipsis en las entradas y salidas correspondientes. Sin embargo, el código sólo cambia estas banderas a \"true\" y nunca asigna \"false\". Esto resulta en un acceso a la variable unitialized si los que llaman asumen que \"EinsumHelper::ParseEquation()\" siempre establece estas banderas. La corrección será incluida en TensorFlow versión 2.7.0. También será incluida este commit en TensorFlow versión 2.6.1, TensorFlow versión 2.5.2, y TensorFlow versión 2.4.4, ya que estos también están afectados y todavía están en el rango admitido"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-824"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-824"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.4","matchCriteriaId":"455FB550-4C9C-4BD6-9F76-A627B62AB332"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.5.2","matchCriteriaId":"035CDF63-1548-4FB4-B8A9-B8D328FAF910"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"651EA851-E660-4E53-9F3E-B6B69D91326B"}]}]}],"references":[{"url":"https://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}