AI Threat Alert
CVE-2024-3660
CRITICAL
Published April 16, 2024
A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| keras | pip | — | No patch |
Do you use keras? You're affected.
Severity & Risk
CVSS 3.1
9.8 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
N/A
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H References
- kb.cert.org/vuls/id/253266 3rd Party VDB
- kb.cert.org/vuls/id/253266 3rd Party VDB
- kb.cert.org/vuls/id/253266 3rd Party VDB
- kb.cert.org/vuls/id/253266 3rd Party VDB
Timeline
Published
April 16, 2024
Last Modified
September 23, 2025
First Seen
April 16, 2024