MEDIUM 6.5

PYSEC-2025-121

Details

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / keras

Introduced in: 0

No fixed version published yet for keras (pip). Pin to a known-safe version or switch to an alternative.

References

https://keras.io [WEB]
https://river-bicycle-f1e.notion.site/Arbitrary-File-Write-Vulnerability-in-get_file-function-11888e31952580179224e50892976d32 [WEB]
https://github.com/keras-team/keras [PACKAGE]