CVE-2024-55459

Medium CVSS: 6.5

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

Vendor

Keras

Product

Keras

CWE

CWE-494

Yayın Tarihi

2025-01-08 17:15:15

Güncelleme

2025-09-22 17:47:22

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-494 Keras MEDIUM Keras 2025

Referanslar

https://github.com/keras-team/keras https://keras.io https://river-bicycle-f1e.notion.site/Arbitrary-File-Write-Vulnerability-in-get_file-function-11888e31952580179224e50892976d32

Benzer Kayıtlar

High

CVE-2026-1669

Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supp…

High

CVE-2026-0897

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through…

High

CVE-2025-9905

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c…

High

CVE-2025-9906

The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One c…

High

CVE-2025-8747

A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attac…

High

CVE-2025-1550

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually const…