CVE-2022-29216: 
Python vulnerability analysis and mitigation

TensorFlow's saved_model_cli tool was found to be vulnerable to code injection (CVE-2022-29216) prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. The vulnerability was discovered and reported by Andey Robins from the Cybersecurity Education and Research Lab at the University of Wyoming (GitHub Advisory).

The vulnerability existed in the saved_model_cli tool where unsafe execution was allowed under certain code paths using eval(). This was a result of an incomplete fix for a previous vulnerability (CVE-2021-41228). The issue was present in the preprocess_input_exprs_arg_string function where the safe=False parameter would bypass security checks and directly evaluate expressions using Python's eval() function. The code path was originally maintained for compatibility with test cases using numpy expressions (GitHub Advisory).

An attacker could exploit this vulnerability to execute arbitrary code through the saved_model_cli tool. This could be leveraged to open a reverse shell or execute other malicious code. However, the impact was considered moderate since the tool is typically run manually and requires direct access (GitHub Advisory).

The issue was patched by removing the safe=False argument, ensuring all parsing is done without calling eval(). The fix was implemented in TensorFlow versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. Users should upgrade to these patched versions to mitigate the vulnerability. The fix was committed in GitHub commit c5da7af048611aa29e9382371f0aed5018516cac (GitHub Advisory).