Keras code injection vulnerability

GHSA-x4wf-678h-2pmq · CVE-2024-3660

Published Apr 16, 2024 · Modified Aug 2, 2024

Description

A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-3660
PACKAGE https://github.com/keras-team/keras
WEB https://github.com/keras-team/keras/compare/r2.12...r2.13
WEB https://kb.cert.org/vuls/id/253266
WEB https://www.kb.cert.org/vuls/id/253266

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes