CVE-2024-55459

Опубликовано: 08 янв. 2025

Источник: debian

EPSS Низкий

Описание

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
keras	removed			package
keras	postponed		bullseye	package

Примечания

https://github.com/advisories/GHSA-cjgq-5qmw-rcj6

EPSS

Процентиль: 26%

0.00115

Низкий

Связанные уязвимости

CVE-2024-55459

CVSS3: 6.5

ubuntu

11 месяцев назад

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

CVE-2024-55459

CVSS3: 5.7

redhat

11 месяцев назад

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

CVE-2024-55459

CVSS3: 6.5

nvd

11 месяцев назад

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

CVE-2024-55459

msrc

3 месяца назад

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

GHSA-cjgq-5qmw-rcj6

github

11 месяцев назад

keras Path Traversal vulnerability

EPSS

Процентиль: 26%

0.00115

Низкий