HIGH 7.8

PYSEC-2025-75

상세

A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / keras

No fixed version published yet for keras (pip). Pin to a known-safe version or switch to an alternative.

참고

https://jfrog.com/blog/keras-safe_mode-bypass-vulnerability/ [ADVISORY]
https://github.com/keras-team/keras/pull/21429 [REPORT]