Critical severityNVD Advisory· Published Apr 16, 2024· Updated Feb 13, 2025
Arbitrary code injection vulnerability in Keras framework < 2.13
CVE-2024-3660
Description
A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
kerasPyPI | < 2.13.1rc0 | 2.13.1rc0 |
Affected products
2- tensorflow/kerasv5Range: *
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.