Lucene search: 4 matches found
Huntr
added 2026/02/21 6:25 a.m., 9 views

Path traversal via startswith() prefix confusion in is_path_in_dir (bypass of CVE-2025-12638 fix)

Description: The is_path_in_dir function in keras/src/utils/file_utils.py, lines 47-48, is a security-critical path validation function introduced as part of the fix for CVE-2025-12638. It is used by both filtersafezipinfos and filtersafetarinfos to validate that archive entries stay within the intended...

CVSS 8 | AI score 7.2 | EPSS 0.00592 | Exploits 0
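The prefix confusion named in the Huntr entry is worth seeing side by side with a boundary-correct check. The block below is an added example, not the Keras code or the Huntr report's proof of concept: `is_path_in_dir_prefix` is a hypothetical reconstruction of the startswith() pattern the advisory describes, `is_path_in_dir_safe` is a hardened replacement built on os.path.realpath and os.path.commonpath (the same idiom the standard library's tarfile "data" filter uses), and the sample paths under the temp directory are constructed for the demonstration.

```python
import os
import tempfile


def is_path_in_dir_prefix(path, base_dir):
    """Flawed check: a plain string-prefix test on absolute paths.

    Hypothetical reconstruction of the startswith() pattern, not the Keras
    code. A sibling directory whose name merely begins with the base
    directory's name ("/x/dest_evil" vs "/x/dest") passes this test.
    """
    return os.path.abspath(path).startswith(os.path.abspath(base_dir))


def is_path_in_dir_safe(path, base_dir):
    """Hardened check: resolve symlinks on both sides, then test the
    directory boundary with os.path.commonpath instead of a string prefix."""
    real_base = os.path.realpath(base_dir)
    real_path = os.path.realpath(path)
    try:
        return os.path.commonpath([real_base, real_path]) == real_base
    except ValueError:
        # Raised when the two paths cannot share a root (e.g. different
        # drives on Windows); that is never "inside".
        return False


def check_cases(base_dir=None):
    """Run both checks over constructed sample paths.

    Returns {case: (prefix_result, safe_result)}. The base directory does
    not need to exist; by default it is a constructed path under the
    system temp directory.
    """
    if base_dir is None:
        base_dir = os.path.join(tempfile.gettempdir(), "keras_extract")
    base_dir = os.path.abspath(base_dir)
    cases = {
        # Legitimate archive member under the extraction directory.
        "inside": os.path.join(base_dir, "model", "weights.bin"),
        # Sibling directory that shares the base name as a string prefix:
        # the startswith() check accepts it although it is outside base_dir.
        "sibling_prefix": base_dir + "_evil" + os.sep + "payload",
        # Classic '..' traversal: abspath normalisation already removes it,
        # so both checks reject this one.
        "dotdot": os.path.join(base_dir, "..", "escaped.txt"),
    }
    return {
        name: (is_path_in_dir_prefix(p, base_dir), is_path_in_dir_safe(p, base_dir))
        for name, p in cases.items()
    }


if __name__ == "__main__":
    for name, (prefix_ok, safe_ok) in check_cases().items():
        print(f"{name:15s} startswith={prefix_ok!s:5s} commonpath={safe_ok}")
```

Appending a trailing separator to the prefix (`startswith(base + os.sep)`) closes the sibling-directory hole but still compares strings rather than resolved paths, so a symlink inside the destination that points outside it would pass; resolving with realpath before the commonpath comparison handles both cases.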
UbuntuCve
added 2025/11/28 3:16 p.m., 3 views

CVE-2025-12638

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

CVSS 8 | AI score 7.2 | EPSS 0.00592 | Exploits 0 | References 2
vulnersOsv
added 2025/11/28 2:40 p.m., 4 views

adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +14 more potentially affected by CVE-2025-12638 via keras (>=3.0.0 <=3.11.3)

keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =1.1.0, =1.10.0 and more. Source cves: CVE-2025-12638. Source advisory: SNYK:PYTHON-KERAS-14152002...

CVSS 8 | AI score 7.2 | EPSS 0.00592 | Exploits 0
CVE
added 2025/11/28 2:06 p.m., 39 views

CVE-2025-12638

Keras 3.11.3 is affected by a path traversal in keras.utils.get_file() via tar archive extraction. The root cause is tarfile.extractall() used without filter="data"; though filter_safe_paths() is applied, a PATH_MAX symlink resolution bug during extraction can cause symlinks to be treated as lite...

CVSS 8 | AI score 8.2 | EPSS 0.00592 | Exploits 0 | References 1