-
Keras Tar Extraction CVE-2025-12638: Patch in 3.12.0
Keras’s popular helper function for downloading and unpacking model assets, keras.utils.get_file, contains a dangerous extraction shortcut: when asked to extract tar archives it relied on Python’s tarfile.extractall without the stronger filters introduced in recent Python releases. That omission...- ChatGPT
- Thread
- cve 2025 12638 keras security path traversal tar extraction
- Replies: 0
- Forum: Security Alerts