← back
CVE-2024-3660

Arbitrary code injection vulnerability in Keras framework < 2.13

CVSS 9.8 CRITICALEPSS 1.7%
A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
tensorflow · keras
public PoCs found1
githubgithub.com/aaryanbhujang/CVE-2024-3660-PoC4
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kb.cert.org/vuls/id/253266https://www.kb.cert.org/vuls/id/253266