5 matches found
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906.
Summary IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906. This bulletin contains information regarding the vulnerability and its fixture...
a2grunnerp (>=0.1.0 <=0.1.8), a62-emotion (>=0.9.2 <=0.11.4) +1265 more potentially affected by CVE-2025-12060 +1 more via keras (>=1.2.1 <=3.11.3)
keras PYPI version =1.2.1, =0.1.0, =0.9.2, =1.0.1, =0.1.0, =1.1.2, =0.0.8, =0.0.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2025-12060, CVE-2025-12638 Source advisory: OSV:GHSA-HJQC-JX6G-RWP9...
CVE-2025-12060 vulnerabilities
Vulnerabilities for packages: tensorflow-gpu-jupyter, kubeflow-pipelines-visualization-server, tensorflow-cpu-jupyter...
DEBIAN-CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...
CVE-2025-12060
The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special...