Описание
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
A flaw was found in the Keras deep learning framework. When a user downloads a specially-crafted tar file via the get_file function, it may allow for the creation of arbitrary files on the host system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-api-server-v2-rhel8 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-driver-rhel8 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-launcher-rhel8 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-modelmesh-runtime-adapter-rhel8 | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.7 Medium
CVSS3
Связанные уязвимости
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
An issue in keras 3.7.0 allows attackers to write arbitrary files to t ...
EPSS
5.7 Medium
CVSS3