GHSA-5478-v2w6-c6q7 – keras

Package

Manager: pip
Name: keras
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: N/A

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Keras arbitrary code execution vulnerability # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-48g7-3x6r-xfhp. This link is maintained to preserve external references. # Original Description The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.

Metadata

Created: 2025-03-11T09:30:30Z
Modified: 2025-03-11T20:07:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-5478-v2w6-c6q7/GHSA-5478-v2w6-c6q7.json
CWE IDs: ["CWE-94"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0