Description
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.
A flaw was found in Keras. This vulnerability allows arbitrary code execution via a maliciously crafted .keras archive that manipulates the config.json file to load and execute arbitrary Python modules and functions, even with safe_mode=True.
Statement
None of the Red Hat Products and Services are impacted by this vulnerability.
Mitigation
To reduce the likelihood of a successful attack and mitigate this flaw, it is recommended to implement strict input validation for .keras archives, restrict model loading to trusted sources only, and restrict the privileges of the processes that load models.
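An added pre-load check that implements the input-validation advice above (example code, not from Red Hat or the Keras project): it opens a .keras archive as a zip, parses its config.json without importing or executing anything, and flags every `module` reference that falls outside an assumed allowlist of Keras namespaces. The allowlist, the helper names and the sample configs are assumptions made for this example.

```python
import io
import json
import zipfile

# Assumed allowlist of namespaces a Keras config legitimately references;
# extend it deliberately for custom layers you have reviewed.
ALLOWED_MODULES = ("keras", "keras_core", "tf_keras", "tensorflow.keras")


def _is_allowed(module: str) -> bool:
    """True if `module` is an allowlisted namespace or a dotted child of one."""
    return any(module == m or module.startswith(m + ".") for m in ALLOWED_MODULES)


def _module_refs(node, path="$"):
    """Yield (json_path, module) for every 'module' key anywhere in the config tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "module" and isinstance(value, str):
                yield f"{path}.module", value
            yield from _module_refs(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _module_refs(item, f"{path}[{i}]")


def audit_keras_archive(data: bytes) -> list:
    """Return findings for a .keras archive; an empty list means nothing was flagged.
    Only config.json is read; nothing is imported, so this can run before load_model."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "config.json" not in zf.namelist():
            return ["archive has no config.json"]
        config = json.loads(zf.read("config.json"))
    return [f"{p}: module {m!r} is not allowlisted"
            for p, m in _module_refs(config) if not _is_allowed(m)]


def make_archive(config: dict) -> bytes:
    """Build a minimal in-memory .keras archive (constructed sample, no real weights)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config.json", json.dumps(config))
    return buf.getvalue()


# Constructed samples: one benign config and one whose layer points at a non-Keras module.
BENIGN = make_archive({"module": "keras.models", "class_name": "Sequential", "config": {
    "layers": [{"module": "keras.layers", "class_name": "Dense", "config": {"units": 4}}]}})
SUSPICIOUS = make_archive({"module": "keras.models", "class_name": "Sequential", "config": {
    "layers": [{"module": "untrusted_pkg.loader", "class_name": "Loader", "config": {}}]}})
```

Run the audit and refuse to call `load_model` when it returns any finding; this complements `safe_mode=True` rather than replacing it, since the flaw bypasses that flag.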
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-api-server-v2-rhel8 | Not affected | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-driver-rhel8 | Not affected | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-launcher-rhel8 | Not affected | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8 | Not affected | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8 | Not affected | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-modelmesh-runtime-adapter-rhel8 | Not affected | | |
Additional information
Status:
EPSS
8.2 High
CVSS3
Related vulnerabilities
Arbitrary Code Execution via Crafted Keras Config for Model Loading