| Vulnerability ID | VCID-2t7w-zpd8-suc9 |
| Aliases | CVE-2022-23563, GHSA-wc4g-r73w-x8mm, PYSEC-2022-127, PYSEC-2022-72 |
| Summary | TensorFlow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| There are no known severity scores. | | |

No EPSS data available for this vulnerability.

| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T04:16:56.574542+00:00 | Pypa Importer | Import | https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-gpu/PYSEC-2022-127.yaml | 38.6.0 |