{"data":{"id":"0c8f31a9-9315-457b-9667-dde4b30030cc","title":"CVE-2024-55459: An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file","summary":"Keras version 3.7.0 has a vulnerability that lets attackers write arbitrary files (files placed anywhere on the system) to a user's machine by tricking the get_file function (a utility that downloads files) into downloading a malicious tar file (an archive file format). This happens because the function doesn't properly verify that downloaded files are legitimate before using them.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-55459","publishedAt":"2025-01-08T22:15:15.817Z","cveId":"CVE-2024-55459","cweIds":["CWE-494"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Keras"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00149,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}