CVE-2024-55459

Summary

CVE-2024-55459 is a newly disclosed vulnerability affecting the keras library in version 3.7.0. This issue permits attackers to write arbitrary files onto the user's machine by crafting a malicious tar file, which can then be downloaded using the library's `get_file()` function. The function is responsible for downloading and extracting files, but it fails to adequately validate the integrity and legitimacy of downloaded tar archives. This oversight can lead to significant security risks, as attackers can exploit this vulnerability to install malware or execute unauthorized commands on the targeted system. To mitigate this risk, users are advised to update their keras installations to the latest patched version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.