VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-5363-tdzq-6ked

Vulnerability ID	VCID-5363-tdzq-6ked
Aliases	CVE-2020-15194 GHSA-9mqp-7v2h-2382 PYSEC-2020-117 PYSEC-2020-274 PYSEC-2020-309
Summary	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html
		https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54
		https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
		https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:07:14.897327+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-gpu/PYSEC-2020-309.yaml	38.6.0