Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the `load_model()` function, which uses pickle for serialization. An attacker can execute code even if `safe_mode` is set to `True`, by supplying a malicious `.keras` file. The included `config.json` can be manipulated to point to and load `npz` model files containing executable code. How to fix Deserialization of Untrusted Data? Upgrade `keras` to version 3.9.0 or higher.	[,3.9.0)
C Code Injection keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Code Injection due to improper user input sanitization through the Lambda layer, allowing a developer to add arbitrary Python code to a model in the form of a lambda function. An attacker could use this feature to trojanize a popular model, save it, and redistribute it, tainting the supply chain of dependent AI/ML applications. In addition, exploiting this vulnerability allows arbitrary code to be executed with the same permissions as the application. Note If running pre-2.13 applications in a sandbox, ensure no assets of value are in scope of the running application to minimize the potential for data exfiltration. How to fix Code Injection? Upgrade `keras` to version 2.13.1rc0 or higher.	[,2.13.1rc0)
H Deserialization of Untrusted Data keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Loading keras models via yaml could allow arbitrary code execution via unsafe deserialization. How to fix Deserialization of Untrusted Data? Upgrade `keras` to version 2.6.0rc3 or higher.	[,2.6.0rc3)

Go back to all versions of this package