Workflow

PyPi: Keras

CVE-2024-3660

Safety vulnerability ID: 70717

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 16, 2024 Updated at Jan 09, 2025
Scan your Python projects for vulnerabilities →

Advisory

A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application. See CVE-2024-3660.

Affected package

keras

Latest version: 3.8.0

Multi-backend Keras

Affected versions

Fixed versions

Vulnerability changelog

A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application. See CVE-2024-3660.


CERT-VN:VU#253266: https://www.kb.cert.org/vuls/id/253266
MISC:https://kb.cert.org/vuls/id/253266: https://kb.cert.org/vuls/id/253266

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application