Arbitrary Code Injection Vulnerability in TensorFlow's Keras Framework
CVE-2024-3660
9.8CRITICAL
What is CVE-2024-3660?
An arbitrary code injection vulnerability exists in TensorFlow's Keras framework prior to version 2.13. This flaw enables attackers to execute arbitrary code by exploiting models that permit such code execution, potentially compromising the application’s security and integrity. Attackers can leverage this vulnerability to gain access with the same permissions as the application, posing significant risks to sensitive data and system operations.
Affected Version(s)
keras * < 2.13