Keras
CVE-2024-3660
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (cert) · only source for this CVE.
CVSS VectorVendor: cert
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1Blast Radius
ecosystem impact- 1 pypi packages depend on keras (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2.13.1rc0.
DescriptionCVE.org
A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.
AnalysisAI
A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application. Affected products include: Keras.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
Path traversal in Keras archive extraction utilities prior to version 3.14.0 allows remote attackers to write files outs
Memory-exhaustion denial of service in Google Keras 3.0.0 through 3.13.0 lets a remote attacker crash the Python interpr
Arbitrary local file disclosure in Keras 3.0.0 through 3.13.1 allows a remote attacker to read sensitive files from a vi
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. Rated
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. Rated
A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attac
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar fi
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today