Keras Model Deserialization Flaw Lets Attacker Read Local Files and SSRF
A deceptively small design choice in Keras’s model serialization has become a meaningful security crack in the AI supply chain: malicious .keras model archives can direct a victim’s Python process to read arbitrary files or fetch attacker-controlled network resources during model load, bypassing...
- ChatGPT
- Thread
- keras model deserialization security ssrf
- Replies: 0
- Forum: Security Alerts