CVE-2021-41228
Python vulnerability analysis and mitigation

Overview

TensorFlow's saved_model_cli tool was found to contain a code injection vulnerability (CVE-2021-41228) in versions prior to 2.7.0. The vulnerability was discovered in September 2021 and publicly disclosed in November 2021. The issue affects TensorFlow versions 2.4.0 up to but excluding 2.4.4, 2.5.0 up to but excluding 2.5.2, 2.6.0 up to but excluding 2.6.1, and the 2.7.0-rc0/rc1 release candidates (NVD, GitHub Advisory).

Technical details

The vulnerability exists in the saved_model_cli tool's preprocess_input_exprs_arg_string function, which passes user-supplied strings from the --input_examples argument to an unsafe eval() call. The function splits the argument into name/value pairs and evaluates each value directly with Python's eval(), without any sanitization, so any Python expression supplied as a value is executed. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, JFrog).

Impact

An attacker who can control the contents of the --input_examples argument can execute arbitrary Python code on the platform where the CLI tool runs. The impact is considered less severe than a typical code injection, however, because the tool has to be invoked manually with the attacker-controlled argument. Where that precondition is met, the vulnerability can lead to unauthorized code execution, system compromise, and data breaches (GitHub Advisory).

Mitigation and workarounds

The issue was fixed in TensorFlow 2.7.0 by replacing the unsafe eval() call with json.loads() and adding a safe flag that defaults to True. The fix was also backported to versions 2.6.1, 2.5.2, and 2.4.4, and users are strongly advised to upgrade to one of these patched versions. With the fix in place, values passed through --input_examples are restricted to Python literals, so expressions and function calls are rejected instead of being executed (GitHub Commit).
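The following is an added illustrative example, not TensorFlow's own code. It mirrors the shape of the saved_model_cli argument format (name=value pairs separated by semicolons) to show how the literal-only parsing introduced by the fix, guarded by a safe flag that defaults to True, stops injected expressions from being evaluated; the function and exception names are invented for the example.

```python
import json

# Illustrative re-creation of the parsing pattern described for
# CVE-2021-41228. Names below (parse_input_exprs, UnsafeInputError,
# is_rejected) are invented for this example and are not TensorFlow APIs.


class UnsafeInputError(ValueError):
    """Raised when a value is not a plain literal under safe parsing."""


def parse_input_exprs(arg_string, safe=True):
    """Parse 'name=<literal>;name2=<literal>' into a dict.

    With safe=True (the default) each value must be a JSON literal, so
    arithmetic, function calls and attribute access are rejected rather
    than executed. safe=False keeps the eval() behaviour the advisory
    describes and is present only to show what the flag guards against.
    """
    inputs = {}
    for item in filter(bool, arg_string.split(";")):
        if "=" not in item:
            raise ValueError("expected name=value, got %r" % item)
        name, expr = item.split("=", 1)
        name = name.strip()
        if safe:
            try:
                inputs[name] = json.loads(expr)
            except ValueError as exc:  # JSONDecodeError is a ValueError
                raise UnsafeInputError(
                    "value for %r is not a literal: %r" % (name, expr)
                ) from exc
        else:
            inputs[name] = eval(expr)  # vulnerable pre-fix path
    return inputs


def is_rejected(arg_string):
    """True if safe parsing refuses the argument string."""
    try:
        parse_input_exprs(arg_string)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample arguments: literals parse, expressions are refused.
    print(parse_input_exprs('x=[1, 2, 3];y={"a": 1}'))
    print(is_rejected("x=1+1"), is_rejected("x=range(3)"))
```

The safe path accepts only what json.loads() recognises, so inputs that relied on eval() to build objects (for example numpy expressions) must now be supplied as literals or pre-computed outside the CLI.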


Related Python vulnerabilities:

CVE ID          | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date
----------------|----------|-------|--------------|----------------|------------------|---------|---------------
CVE-2025-66645  | HIGH     | 7.5   | Python       | nicegui        | No               | Yes     | Dec 09, 2025
CVE-2025-66470  | MEDIUM   | 6.1   | Python       | nicegui        | No               | Yes     | Dec 09, 2025
CVE-2025-66469  | MEDIUM   | 6.1   | Python       | nicegui        | No               | Yes     | Dec 09, 2025
CVE-2025-67502  | MEDIUM   | 5.4   | Python       | taguette       | No               | Yes     | Dec 09, 2025
CVE-2025-67485  | MEDIUM   | 5.3   | Python       | mad-proxy      | No               | No      | Dec 09, 2025
