CVE-2024-55459

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Keras version 3.7.0

Description The issue allows attackers to write arbitrary files to the user's machine by downloading a crafted tar file through the get file function. This enables attackers to potentially compromise the user's system by writing malicious files.

Recommendations For Keras version 3.7.0, consider disabling the get file function until a patch is available to prevent arbitrary file writes. Restrict access to the get file function to minimize the risk of exploitation. Avoid using the get file function to download untrusted tar files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-494

Related Identifiers

AZL-55313

CVE-2024-55459

GHSA-CJGQ-5QMW-RCJ6

PYSEC-2025-121

Affected Products

Debian

Keras

CVE-2024-55459

Weakness Enumeration

Related Identifiers

Affected Products

References · 18