JFrog's security research team disclosed a code injection vulnerability in TensorFlow's saved_model_cli tool, caused by the tool passing user input from the --input_examples argument to the eval function. The flaw, identified as CVE-2021-41228, allowed attackers to execute arbitrary Python code by manipulating input expressions, a behavior that was unexpected and undocumented for users. TensorFlow addressed the issue in version 2.7.0 by replacing the eval call with json.loads, so that the input is handled safely as a list of dictionaries. The vulnerability could potentially be exploited remotely under certain conditions. JFrog acknowledged TensorFlow's prompt response in validating and remedying the issue, and in responsibly issuing a CVE.
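The before and after of the fix described above, as an added example that is not TensorFlow's or JFrog's code: a simplified key=value parser with hypothetical function names, first using eval and then json.loads with a list-of-dictionaries check. The inputs are constructed, and the injected expression is a harmless marker that only records that it ran.

```python
import json

# Constructed marker so the demo can observe that eval() executed code.
SIDE_EFFECTS = []

def parse_examples_eval(arg):
    """'Before' behaviour: each value is evaluated as a Python expression."""
    result = {}
    for pair in filter(None, arg.split(";")):
        key, _, expr = pair.partition("=")
        result[key.strip()] = eval(expr)  # vulnerable: runs whatever expr contains
    return result

def parse_examples_json(arg):
    """'After' behaviour: values are data only, and must be a list of dicts."""
    result = {}
    for pair in filter(None, arg.split(";")):  # simplification: no ';' inside values
        key, sep, text = pair.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"expected key=<json list>, got {pair!r}")
        try:
            value = json.loads(text)
        except json.JSONDecodeError as exc:
            raise ValueError(f"{key.strip()}: not valid JSON ({exc.msg})") from None
        if not isinstance(value, list) or not all(isinstance(v, dict) for v in value):
            raise ValueError(f"{key.strip()}: expected a list of dictionaries")
        result[key.strip()] = value
    return result

# Constructed inputs (not taken from the advisory).
BENIGN = 'examples=[{"id": [1], "score": [0.5]}]'
# Harmless stand-in for an injected expression: it only records that it ran.
INJECTED = 'examples=[{"id": [SIDE_EFFECTS.append("ran") or 1]}]'

def demo():
    """Run the injected input through both parsers and report what happened."""
    SIDE_EFFECTS.clear()
    evaluated = parse_examples_eval(INJECTED)
    executed = list(SIDE_EFFECTS)          # non-empty: eval ran the expression
    try:
        parse_examples_json(INJECTED)
        rejected = False
    except ValueError:
        rejected = True                    # json.loads refuses anything but data
    return evaluated, executed, rejected, parse_examples_json(BENIGN)

if __name__ == "__main__":
    print(demo())
```

Because json.loads accepts only JSON, single-quoted Python dict literals that eval would have accepted are rejected by the second parser.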