5 matches found
Security Bulletin: Arbitrary Code Execution in Keras
Summary Keras is used by many machine learning frameworks and applications as part of their deep learning infrastructure. Remote attackers can execute arbitrary code, leading to full system compromise, data breaches, and potential lateral movement where the identified vulnerability is present...
GHSA-MQ84-HJQX-CWF2 Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local file loading and Server-Side Request Forgery SSRF. This vulnerability stems from the way the StringLookup layer is handled during model loading from a...
Keras 安全漏洞
Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras that stems from the StringLookup layer not properly restricting external path loading functionality when processing specially crafted .keras archives, which could lead to arbitrary loc...
Arbitrary Code Execution
Keras is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation in the Model.loadmodel method when loading specially crafted .keras model archives...