
8 matches found

Snyk
added 2026/02/11 11:39 p.m. | 4 views

External Control of File Name or Path

Overview: keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to External Control of File Name or Path via the model loading process when handling HDF5 files with external dataset references. An attacker can access arbitrary files and...

7.5 CVSS | 5.9 AI score | 0.00298 EPSS
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/12/29 5:43 a.m. | 12 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "torch-2.8.0-cp310-none-macosx110arm64.whl, starlette-0.48.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl, urllib3-1.26.19-py2.py3-none-any.whl, urllib3-1.26.20-py2.py3-none-any.whl, urllib3-2.5.0-py3-none-any.whl", which are vulnerable to...

8.9 CVSS | 7.4 AI score | 0.00638 EPSS
Exploits: 0 | Affected Software: 1
OSV
added 2025/10/30 6:31 p.m. | 7 views

GHSA-28JP-44VH-Q42H Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. Original Description: The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a pat...

8.9 CVSS | 6.9 AI score | 0.00593 EPSS
Exploits: 0 | References: 6
Snyk
added 2025/10/30 5:41 p.m. | 9 views

Directory Traversal

Overview: keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Directory Traversal via the keras.utils.get_file API when the extract=True option is used for tar archives. An attacker can write arbitrary files to any location on the...

9.4 CVSS | 7.6 AI score | 0.01184 EPSS
Exploits: 11 | References: 2
NVD
added 2025/10/30 5:15 p.m. | 9 views

CVE-2025-12060

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9 CVSS | 0.00593 EPSS
Exploits: 0 | References: 2
OSV
added 2025/10/30 5:15 p.m. | 4 views

UBUNTU-CVE-2025-12060

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9 CVSS | 7.4 AI score | 0.00593 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2025/10/30 5:10 p.m. | 9 views

CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9 CVSS | 6.8 AI score | 0.00593 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/10/30 5:10 p.m. | 11 views

CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability

The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...

8.9 CVSS | 0.00593 EPSS
Exploits: 0 | References: 2