tar extraction

About this tag
Discussions on WindowsForum.com about tar extraction focus on a security vulnerability in Keras, CVE-2025-12638, which affects versions up to 3.11.3. The issue arises from the use of Python's tarfile.extractall without proper filters, enabling path traversal attacks via crafted tarballs. The fix is included in Keras 3.12.0. Users are advised to update to mitigate supply-chain risks. The tag covers this specific vulnerability and its remediation, with no broader coverage of tar extraction tools or techniques on Windows.
  1. Keras Tar Extraction CVE-2025-12638: Patch in 3.12.0

    Keras’s popular helper function for downloading and unpacking model assets, keras.utils.get_file, contains a dangerous extraction shortcut: when asked to extract tar archives, it relied on Python’s tarfile.extractall without the stronger filters introduced in recent Python releases. That omission...