Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blackduck vulnerability reported in all the versions of Keras #20795

Open
frnz123 opened this issue Jan 22, 2025 · 0 comments
Open

Blackduck vulnerability reported in all the versions of Keras #20795

frnz123 opened this issue Jan 22, 2025 · 0 comments
Assignees
@sachinprasadhs

Comments

@frnz123
Copy link

frnz123 commented Jan 22, 2025

In Blackduck scan ,Keras package is reported as vulnerable with CVE ID =BDSA-2025-0107. can you please let us know in which release this fix will be given and when is the release date.

Issue description:
Keras is vulnerable to arbitrary file write due to a flaw in the get_file function. This could allow an attacker to write arbitrary files to the user's machine by downloading a crafted tar file.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sachinprasadhs sachinprasadhs

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@frnz123 @sachinprasadhs