TensorFlow, a Python-based machine learning and artificial intelligence project developed by Google, has dropped support for YAML, to patch a critical code execution vulnerability. The critical flaw enables attackers to execute arbitrary code when an application deserializes a Keras model provided in the YAMl format. The “yaml.unsafe_load() function is known to deserialize data rather liberallyit resolves all tags, “even those known to be unsafe on untrusted input” The fix for CVE-2021-37678 is expected to arrive in version 2.6.0.”]