VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
Lambda layers in third-party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13, which may then run unsafely with the same permissions as the running application. For example, an attacker could use this feature to trojanize a popular model, save it, and redistribute it, tainting the supply chain of dependent AI/ML applications.
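A defender-side check for the supply-chain risk described above, added here as an example and not taken from the CERT note or the Keras project: it walks the JSON architecture description saved with a model and reports every Lambda layer without deserializing anything. The sample config is constructed, and it is assumed that the architecture JSON (for example the `model_config` attribute of an HDF5 model file) has already been read out as a string.

```python
import json

# Constructed sample of the architecture JSON saved with a Keras model.
# It is not taken from a real model; the "function" value is a placeholder.
SAMPLE_CONFIG = json.dumps({
    "class_name": "Sequential",
    "config": {"name": "demo", "layers": [
        {"class_name": "Dense", "config": {"name": "dense_1", "units": 8}},
        {"class_name": "Lambda", "config": {
            "name": "lambda_1",
            "function": ["<serialized-bytecode-placeholder>", None, None],
            "function_type": "lambda"}},
        # A Lambda layer can also sit inside a nested sub-model or wrapper.
        {"class_name": "Functional", "config": {"name": "inner", "layers": [
            {"class_name": "Lambda", "config": {
                "name": "lambda_2",
                "function": "helper",
                "function_type": "function"}}]}},
    ]},
})


def find_lambda_layers(node, path="model"):
    """Recursively collect every Lambda layer in a parsed model config."""
    hits = []
    if isinstance(node, dict):
        cfg = node.get("config")
        if node.get("class_name") == "Lambda" and isinstance(cfg, dict):
            hits.append({"path": path,
                         "name": cfg.get("name"),
                         "function_type": cfg.get("function_type")})
        # Keep descending so wrapped and nested layers are not missed.
        for key, value in node.items():
            hits.extend(find_lambda_layers(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_lambda_layers(value, f"{path}[{i}]"))
    return hits


def audit_model_config(config_json):
    """Return (no_lambda_layers, findings); only JSON parsing is performed."""
    findings = find_lambda_layers(json.loads(config_json))
    return (not findings, findings)


if __name__ == "__main__":
    clean, findings = audit_model_config(SAMPLE_CONFIG)
    print("no Lambda layers" if clean else f"Lambda layers found: {findings}")
```

A model that reports any Lambda layer should be treated as carrying executable code and reviewed before it is loaded in an application.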
Description
TensorFlow is a widely-used open-source software library for building machine learning and artificial intelligence applications. The Keras framework, …