-
Notifications
You must be signed in to change notification settings - Fork 651
Vulnerability in quantum project #1003
Copy link
Copy link
Closed
Labels
area/dependenciesInvolves libraries or other software that TFQ depends onInvolves libraries or other software that TFQ depends onarea/healthInvolves general matters of project configuration, health, maintenance, and similar concernsInvolves general matters of project configuration, health, maintenance, and similar concernskind/bug-reportSomething doesn't seem to workSomething doesn't seem to work
Description
Metadata
Metadata
Assignees
Labels
area/dependenciesInvolves libraries or other software that TFQ depends onInvolves libraries or other software that TFQ depends onarea/healthInvolves general matters of project configuration, health, maintenance, and similar concernsInvolves general matters of project configuration, health, maintenance, and similar concernskind/bug-reportSomething doesn't seem to workSomething doesn't seem to work
while working on quantum project, I found a vulnerability It is an arbitrary file read vulnerability in Keras caused by improper handling of HDF5 external dataset references when loading .keras model files. A malicious model file can be crafted to read local files from the system where Keras is running, potentially exposing sensitive data.
CVE LINK
CVE Report