Blog | G5 Cyber Security

Google’s TensorFlow drops YAML support due to code execution flaw

TensorFlow, a Python-based machine learning and artificial intelligence project developed by Google, has dropped support for YAML, to patch a critical code execution vulnerability. The critical flaw enables attackers to execute arbitrary code when an application deserializes a Keras model provided in the YAMl format. The “yaml.unsafe_load() function is known to deserialize data rather liberallyit resolves all tags, “even those known to be unsafe on untrusted input” The fix for CVE-2021-37678 is expected to arrive in version 2.6.0.”]

Source: https://www.bleepingcomputer.com/news/security/googles-tensorflow-drops-yaml-support-due-to-code-execution-flaw/

Exit mobile version