{"id":"CVE-2021-35958","details":"TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. The archive is unpacked without sanitizing member paths, so members with absolute names or '..' components (the path-traversal case called out in the referenced tarfile.extractall documentation) are written outside the intended extraction directory. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives; practitioners should only use extract=True with archives from trusted origins, or validate every member path against the target directory before extraction.","aliases":["BIT-tensorflow-2021-35958"],"modified":"2026-04-12T00:39:14.003354Z","published":"2021-06-30T01:15:07.033Z","references":[{"type":"ADVISORY","url":"https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/README.md"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/blob/b8cad4c631096a34461ff8a07840d5f4d123ce32/tensorflow/python/keras/utils/data_utils.py#L137"},{"type":"ADVISORY","url":"https://keras.io/api/"},{"type":"ADVISORY","url":"https://vuln.ryotak.me/advisories/52"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"last_affected":"a4dfb8d1a71385bd6d122e4f27f86dcebb96712d"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.5.0"}],"cpe":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.6.0-rc1","v1.9.0-rc2","v2.5.0","v2.5.0-rc0","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-35958.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}