BlackDuck reports arbitrary file write vulnerability in "get_file" function #20980
Assignees
Labels
keras-team-review-pending
Pending review by a Keras team member.
Comments
sonali-kumari1
added
the
keras-team-review-pending
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Duplicate of #20795 but the original issue has already been closed without resolution.
The issue is still present in our most recent BlackDuck scans.
According to the GitHub security advisory the issue does not originate from Palo Alto Firewalls, but from the "get_file" functionality in Keras. Here is the vulnerable code (according to GH):
keras/keras/src/utils/file_utils.py
Line 115 in 8f5592b
Here is the CVE: https://www.cve.org/CVERecord?id=CVE-2024-55459
It's hard to verify the vulnerability since the original write-up is not accessible any more.
If you require further information I will give my best to provide it.
Any feedback would be appreciated (acknowledgement of the issue or confirmation of a false positive).
Thank you very much in advance!
The text was updated successfully, but these errors were encountered: