CVE-2021-35958 PoC — Google TensorFlow 路径遍历漏洞

Source

https://github.com/miguelc49/CVE-2021-35958-1

Associated Vulnerability

Title:Google TensorFlow 路径遍历漏洞 (CVE-2021-35958)
Description:Google TensorFlow是美国谷歌（Google）公司的一套用于机器学习的端到端开源平台。 TensorFlow 存在安全漏洞，该漏洞源 tf.keras.utils.get_file 与 extract=True 一起使用时引起的问题。攻击者可利用该漏洞通过一个精心制作的归档文件覆盖任意文件。

Readme

# CVE-2021-35958-1

File Snapshot


 [4.0K]  /data/pocs/82942de944629880fa02ed25ae04e075c8a15084
├── [  40]  hello_world.py
├── [  18]  README.md
└── [  17]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!