Arbitrary Code Injection Vulnerability in TensorFlow's Keras Framework
CVE-2024-3660

9.8CRITICAL

Key Information:

Vendor: Tensorflow
Status: Keras
Vendor: CVE Published:; 16 April 2024

Badges

📰 News Worthy

What is CVE-2024-3660?

An arbitrary code injection vulnerability exists in TensorFlow's Keras framework prior to version 2.13. This flaw enables attackers to execute arbitrary code by exploiting models that permit such code execution, potentially compromising the application’s security and integrity. Attackers can leverage this vulnerability to gain access with the same permissions as the application, posing significant risks to sensitive data and system operations.

Affected Version(s)

keras * < 2.13

News Articles

The Hacker News

CVE-2024-50050 CVE-2024-3660

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

Meta's Llama LLM patched a high-severity flaw enabling remote code execution via Python deserialization.

References

https://kb.cert.org/vuls/id/253266

https://www.kb.cert.org/vuls/id/253266

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by The Hacker News
Jan 26, 2025
Vulnerability published
Apr 16, 2024

Tensorflow

Badges

What is CVE-2024-3660?

Affected Version(s)

News Articles

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

References

CVSS V3.1

Timeline