cve 2025 12638

Keras’s popular helper function for downloading and unpacking model assets, keras.utils.get_file, contains a dangerous extraction shortcut: when asked to extract tar archives it relied on Python’s tarfile.extractall without the stronger filters introduced in recent Python releases. That omission...