The vulnerability stems from two components: (1) the `load_model` function's lack of `safe_mode` enforcement for Lambda layers in pre-2.13 versions, and (2) the Lambda layer's ability to serialize arbitrary code. Together they create an injection vector in which a malicious model executes code while it is being loaded. The CERT advisory explicitly identifies Lambda layers as the injection mechanism and `load_model` as the execution trigger. The patch in 2.13 adds `safe_mode` validation to `load_model` for Keras v3 format files, confirming the role of both components.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| keras | pip | < 2.13.1rc0 | 2.13.1rc0 |
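
A pre-load check for the Lambda-layer vector described above, as an added example that is not code from the advisory or from Keras: it reads `config.json` out of a Keras v3 (`.keras`) archive and reports Lambda layers without ever calling `load_model`. It assumes the archive is a zip with a top-level `config.json` of nested `class_name` entries, and that `__lambda__` marks a serialized Python lambda; the helper names and the sample archive are constructed for illustration.

```python
import io
import json
import zipfile

# "Lambda" is the layer named in the advisory; "__lambda__" is assumed to be
# the marker Keras writes for a serialized Python lambda.
SUSPECT_CLASSES = {"Lambda", "__lambda__"}


def find_lambda_nodes(node, path="model"):
    """Recursively yield (path, class_name) for every suspect node in the config."""
    if isinstance(node, dict):
        cls = node.get("class_name")
        if isinstance(cls, str) and cls in SUSPECT_CLASSES:
            yield path, cls
        for key, value in node.items():
            yield from find_lambda_nodes(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_lambda_nodes(value, f"{path}[{index}]")


def scan_keras_archive(data: bytes):
    """Return suspect nodes from a .keras file's config.json; the model is never loaded."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not a .keras zip archive; other formats need a separate check")
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        if "config.json" not in archive.namelist():
            raise ValueError("archive has no config.json")
        config = json.loads(archive.read("config.json"))
    return list(find_lambda_nodes(config))


def build_sample(layers):
    """Constructed sample: an in-memory .keras-style zip holding only config.json."""
    config = {"class_name": "Sequential", "config": {"name": "demo", "layers": layers}}
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("config.json", json.dumps(config))
    return buffer.getvalue()


DENSE = {"class_name": "Dense", "config": {"name": "dense", "units": 4}}
# Constructed Lambda entry; the "code" value is a placeholder, not serialized code.
LAMBDA = {"class_name": "Lambda", "config": {"name": "lambda", "function": {
    "class_name": "__lambda__", "config": {"code": "PLACEHOLDER"}}}}

if __name__ == "__main__":
    for name, layers in (("clean", [DENSE]), ("suspect", [DENSE, LAMBDA])):
        print(name, scan_keras_archive(build_sample(layers)))
```

A pipeline can reject or quarantine any file for which `scan_keras_archive` returns a non-empty list, and load the rest on a patched version from the table above.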