CVE-2024-3660 Arbitrary code injection vulnerability in Keras framework < 2.13

2024-04-1620:09:26

certcc

www.cve.org

arbitrary code injection

keras framework

cve-2024-3660

tensorflow

model vulnerability

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

A arbitrary code injection vulnerability in TensorFlow’s Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.

CNA Affected

[
  {
    "vendor": "tensorflow",
    "product": "keras",
    "versions": [
      {
        "status": "affected",
        "version": "*",
        "lessThan": "2.13",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.cert.org/vuls/id/253266

www.kb.cert.org/vuls/id/253266