Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization of Untrusted Data in keras-team/keras
Vulnerability Description
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value when `from_config()` is called outside of a `SafeModeScope` context. This logic error conflates `None` (unset/default-deny) with `False` (explicitly disabled), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized. Affected call sites include `keras.layers.deserialize(config)`, `keras.models.clone_model(model)`, and any direct invocation of `Lambda.from_config(config)` without an enclosing `SafeModeScope(True)`. This vulnerability can be exploited to achieve arbitrary OS-level code execution in the context of the server or user process.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Keras 反序列化注入漏洞
Vulnerability Description
Keras是Keras团队开源的一个多后端深度学习框架。 Keras 3.14.0版本存在反序列化注入漏洞,该漏洞源于对Lambda层反序列化处理不当,导致代码执行。
CVSS Information
N/A
Vulnerability Type
N/A