Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/19 3:10 p.m.7 views

Security Bulletin: Arbitrary Code Execution in Keras

Summary Keras is used by many machine learning frameworks and applications as part of their deep learning infrastructure. Remote attackers can execute arbitrary code, leading to full system compromise, data breaches, and potential lateral movement where the identified vulnerability is present...

9.8CVSS8.4AI score0.02803EPSS
Exploits3Affected Software1
OSV
OSV
added 2025/10/29 9:30 a.m.5 views

GHSA-MQ84-HJQX-CWF2 Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery

The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

5.9CVSS6.6AI score0.00239EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/10/29 9:30 a.m.6 views

Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery

The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...

5.9CVSS6.6AI score0.00239EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.3 views

Keras 安全漏洞

Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras that stems from the StringLookup layer not properly restricting external path loading functionality when processing specially crafted .keras archives, which could lead to arbitrary loc...

5.9CVSS7.4AI score0.00239EPSS
Exploits0References3
Veracode
Veracode
added 2025/09/01 5:13 a.m.5 views

Arbitrary Code Execution

Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation in the Model.loadmodel method when loading specially crafted .keras model archives...

8.6CVSS6.7AI score0.00112EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder