keras is vulnerable to Code Injection. The vulnerability is due to improper model sanitization through the Lambda layer, allowing an attacker to inject arbitrary Python code into a model via a lambda function. If an unsuspecting developer then loads this model, arbitrary code execution occurs.