8 matches found
External Control of File Name or Path
Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to External Control of File Name or Path via the model loading process when handling HDF5 files with external dataset references. An attacker can access arbitrary files and...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "torch-2.8.0-cp310-none-macosx110arm64.whl, starlette-0.48.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl, urllib3-1.26.19-py2.py3-none-any.whl, urllib3-1.26.20-py2.py3-none-any.whl, urllib3-2.5.0-py3-none-any.whl", which are vulnerable to...
GHSA-28JP-44VH-Q42H Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. Original Description The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a pat...
Directory Traversal
Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Directory Traversal via the keras.utils.getfile API when the extract=True option is used for tar archives. An attacker can write arbitrary files to any location on the...
CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
UBUNTU-CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-12060 Keras keras.utils.get_file Utility Path Traversal Vulnerability
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...