Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2025/12/02 10:31 p.m.7 views

CVE-2025-12638

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

8CVSS7.2AI score0.00592EPSS
Exploits0References5
github
github
added 2025/12/02 12:58 a.m.25 views

Keras Directory Traversal Vulnerability

Summary Keras's keras.utils.getfile function is vulnerable to directory traversal attacks despite implementing filtersafepaths. The vulnerability exists because extractarchive uses Python's tarfile.extractall method without the security-critical filter="data" parameter. A PATHMAX symlink resoluti...

8.9CVSS7.7AI score0.00593EPSS
Exploits0References7Affected Software1
osv
osv
added 2025/11/28 3:16 p.m.9 views

UBUNTU-CVE-2025-12638

Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.getfile function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall method without the security-critical filter='data' parameter. Although Keras attempts...

8CVSS7.4AI score0.00592EPSS
Exploits0References3
snyk
snyk
added 2025/11/28 2:40 p.m.4 views

Directory Traversal

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Directory Traversal via the keras.utils.getfile function when extracting tar archives. An attacker can write arbitrary files outside the intended extraction directory by...

8.5CVSS7.7AI score0.00592EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/10/30 5:10 p.m.9 views

CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability

The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9CVSS6.8AI score0.00593EPSS
Exploits0References2
osv
osv
added 2025/10/30 5:10 p.m.5 views

CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability

The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9CVSS7.4AI score0.00593EPSS
Exploits0References5
cve
cve
added 2025/10/30 5:10 p.m.85 views

CVE-2025-12060

CVE-2025-12060 concerns Keras: when using keras.utils.get_file with extract=True on tar archives, tarfile.extractall is invoked without a proper filter, enabling path traversal and potential arbitrary file writes outside the destination directory. The root cause is linked to Python tarfile weakne...

8.9CVSS6.8AI score0.00593EPSS
Exploits0References2
Rows per page
Query Builder