Hertschuh

**Name of the Vulnerable Software and Affected Versions** Keras versions 3.0.0 through 3.7.9 **Description** The Keras `Model.load model` function allows for arbitrary code execution, even when `safe mode` is enabled. This occurs through a maliciously crafted `.keras` archive. An attacker can modify the `config.json` file within the archive to specify arbitrary Python modules and functions, along with their arguments, which are then loaded and executed during model loading. The vulnerability stems from insufficient validation during model loading, specifically within the handling of the `config.json` file. **Recommendations** Update to Keras version 3.9 or later. Only load models from trusted sources.