CVE-2024-55459

Опубликовано: 08 янв. 2025

Источник: debian

EPSS Низкий

Описание

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
keras	removed			package
keras	postponed		bullseye	package

Примечания

https://github.com/advisories/GHSA-cjgq-5qmw-rcj6

EPSS

Процентиль: 22%

0.00071

Низкий

Связанные уязвимости

CVE-2024-55459

CVSS3: 6.5

ubuntu

около 1 года назад

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

CVE-2024-55459

CVSS3: 5.7

redhat

около 1 года назад

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

CVE-2024-55459

CVSS3: 6.5

nvd

около 1 года назад

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

CVE-2024-55459

msrc

5 месяцев назад

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

GHSA-cjgq-5qmw-rcj6

github

около 1 года назад

keras Path Traversal vulnerability

EPSS

Процентиль: 22%

0.00071

Низкий