{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T22:43:42.478","vulnerabilities":[{"cve":{"id":"CVE-2021-41213","sourceIdentifier":"security-advisories@github.com","published":"2021-11-05T23:15:08.217","lastModified":"2024-11-21T06:25:47.550","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range."},{"lang":"es","value":"TensorFlow es una plataforma de código abierto para el aprendizaje automático. En las versiones afectadas, el código detrás de la API \"tf.function\" puede llegar a bloquearse cuando dos funciones de Python decoradas con \"tf.function\" son recursivas entre sí. Esto ocurre debido a que es usado un objeto Python \"Lock\" no recursivo. La carga de cualquier modelo que contenga funciones mutuamente recursivas es vulnerable. Un atacante puede causar una denegación de servicio al causar que usuarios carguen dichos modelos y llamen a una función recursiva \"tf.function\", aunque esto no es un escenario frecuente. La corrección será incluida en TensorFlow versión 2.7.0. También será incluida este commit en TensorFlow versión 2.6.1, TensorFlow versión 2.5.2, y TensorFlow versión 2.4.4, ya que estos también están afectados y todavía están en el rango admitido"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-667"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-662"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.4.4","matchCriteriaId":"0E596567-6F67-4880-8EC4-CB262BF02E0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionStartIncluding":"2.5.0","versionEndExcluding":"2.5.2","matchCriteriaId":"035CDF63-1548-4FB4-B8A9-B8D328FAF910"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.0","versionEndExcluding":"2.6.1","matchCriteriaId":"5D68D8D1-DB27-4395-9D3D-2BED901B852C"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:2.7.0:rc0:*:*:*:*:*:*","matchCriteriaId":"A58EDA5C-66D6-46F1-962E-60AFB7C784A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:2.7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"89522760-C2DF-400D-9624-626D8F160CBA"}]}]}],"references":[{"url":"https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}