GHSA-pwq7-2gvj-vg9v

Source
https://github.com/advisories/GHSA-pwq7-2gvj-vg9v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-pwq7-2gvj-vg9v/GHSA-pwq7-2gvj-vg9v.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-pwq7-2gvj-vg9v
Withdrawn
2025-08-12T19:24:04Z
Published
2025-08-11T09:30:36Z
Modified
2025-08-12T19:35:14.508395Z
Severity
  • 8.6 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:A
Summary
Duplicate Advisory: Keras safe mode bypass vulnerability
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-c9rc-mg46-23w3. This link is maintained to preserve external references.

Original Description

A safe mode bypass vulnerability in the Model.load_model method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted .keras model archive.

Database specific
{
    "nvd_published_at": "2025-08-11T08:15:26Z",
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-11T23:08:38Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-502"
    ]
}
References

Affected packages

Package
PyPI / keras

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.11.0

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1.0
3.1.1
3.2.0
3.2.1
3.3.0
3.3.1
3.3.2
3.3.3
3.4.0
3.4.1
3.5.0
3.6.0
3.7.0
3.8.0
3.9.0
3.9.1
3.9.2
3.10.0