Lucene search
K

6 matches found

OSV
OSV
added 2026/06/22 4:16 p.m.4 views

DEBIAN-CVE-2026-12479

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS5.9AI score0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:21 p.m.3 views

CVE-2026-12479

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 3:21 p.m.31 views

CVE-2026-12479 Path Traversal in keras-team/keras

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:21 p.m.8 views

EUVD-2026-38265

A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loading library. This vulnerability arises from the improper handling of user-provided layer names, which are used to construct directory paths...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:21 p.m.20 views

CVE-2026-12479

A path traversal vulnerability exists in keras-team/keras 3.14.0, in DiskIOStore.make, due to unsanitized user-provided layer names used to build directory paths (parent components not sanitized). Although forward slashes are restricted, directory traversal sequences can escape the intended tempo...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References1
Huntr
Huntr
added 2026/03/24 3:21 p.m.4 views

Path Traversal in DiskIOStore via Unsanitized Layer Names in Keras 3

Description A logic flaw in the Keras 3 v3.0.0+ model saving and loading library handles internal asset paths insecurely. Specifically, the DiskIOStore.make method in keras/src/saving/savinglib.py uses user-provided layer names to construct directory paths without sanitizing for parent directory...

6.1CVSS6.5AI score0.00263EPSS
Exploits0
Rows per page
Query Builder