Download of Code Without Integrity Check

CVE-2024-55459

Medium

6.9/10

Summary

n issue in keras 3.0.0 and after allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the "get_file" function.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-494 - Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References

Advisory
POC/Exploit

Advisory Timeline

Published Jan 08, 2025

Download of Code Without Integrity Check

CVE-2024-55459

Summary

CWE-494 - Download of Code Without Integrity Check

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS