7 matches found
CVE-2025-12638
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...
Keras Directory Traversal Vulnerability
Summary Keras's keras.utils.getfile function is vulnerable to directory traversal attacks despite implementing filtersafepaths. The vulnerability exists because extractarchive uses Python's tarfile.extractall method without the security-critical filter="data" parameter. A PATHMAX symlink resoluti...
UBUNTU-CVE-2025-12638
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...
Directory Traversal
Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Directory Traversal via the keras.utils.getfile function when extracting tar archives. An attacker can write arbitrary files outside the intended extraction directory by...
CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-12060
CVE-2025-12060 concerns Keras: when using keras.utils.get_file with extract=True on tar archives, tarfile.extractall is invoked without a proper filter, enabling path traversal and potential arbitrary file writes outside the destination directory. The root cause is linked to Python tarfile weakne...