HIGH 7.5

PYSEC-2026-73

상세

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / keras

최초 영향 버전: 3.0.0 수정 버전: 3.13.1

수정 pip install --upgrade 'keras>=3.13.1'

참고

https://github.com/keras-team/keras/pull/21880 [FIX]