PT-2026-29477

A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function get file of the file iopaint/file manager/file manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. Th...

GHSA-HJQC-JX6G-RWP9 Keras Directory Traversal Vulnerability

Summary Keras's keras.utils.getfile function is vulnerable to directory traversal attacks despite implementing filtersafepaths. The vulnerability exists because extractarchive uses Python's tarfile.extractall method without the security-critical filter="data" parameter. A PATHMAX symlink resoluti...

CVE-2024-55459

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile function...

PT-2025-3118 · Keras · Keras

Name of the Vulnerable Software and Affected Versions: Keras version 3.7.0 Description: The issue allows attackers to write arbitrary files to the user's machine by downloading a crafted tar file through the get file function. This enables attackers to potentially compromise the user's system by...

Keras 安全漏洞

Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras version 3.7.0, which stems from a vulnerability that allows an attacker to write arbitrary files to a user's computer by downloading a carefully crafted tar file via the getfile functi...

PT-2024-38101 · WordPress · Tainacan

Name of the Vulnerable Software and Affected Versions: Tainacan plugin for WordPress versions up to, and including, 0.21.7 Description: The issue is related to a missing capability check on the get file function, which is also vulnerable to directory traversal. This allows authenticated attackers...