CNNVD-202510-4208 Information

CNNVD ID

CNNVD-202510-4208

CVE-2025-12060

  • CNNVD Published: 2025-10-30

Description

Keras is a multi-backend deep learning framework open-sourced by Keras. Keras contains a security vulnerability: the keras.utils.get_file API does not use the filter=data feature when processing tar archives, which could lead to a path traversal attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Keras

Published

2025-10-30

Last Modified

2026-02-24

References

  • https://github.com/keras-team/keras/pull/21760
  • https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9
  • https://access.redhat.com/security/cve/cve-2025-12060

Patch

https://keras.io/getting_started/
