CRITICAL 9.8

GHSA-x4wf-678h-2pmq

Keras code injection vulnerability

상세

A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / keras

최초 영향 버전: 0 수정 버전: 2.13.1rc0

수정 pip install --upgrade 'keras>=2.13.1rc0'

참고

https://nvd.nist.gov/vuln/detail/CVE-2024-3660 [ADVISORY]
https://github.com/keras-team/keras [PACKAGE]
https://github.com/keras-team/keras/compare/r2.12...r2.13 [WEB]
https://kb.cert.org/vuls/id/253266 [WEB]
https://www.kb.cert.org/vuls/id/253266 [WEB]