漏洞标题
通过恶意构造的Keras配置实现模型加载中的任意代码执行漏洞
漏洞描述信息
Keras的Model.load_model函数允许任意代码执行,即使在safe_mode=True的情况下,通过一个手动构造的恶意.keras归档文件亦可实现。攻击者可以通过修改归档文件内的config.json文件,指定任意Python模块和函数及其参数,在模型加载过程中被加载和执行。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
对生成代码的控制不恰当(代码注入)
漏洞标题
Arbitrary Code Execution via Crafted Keras Config for Model Loading
漏洞描述信息
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.
CVSS信息
N/A
漏洞类别
对生成代码的控制不恰当(代码注入)