{"id":"AZL-67629","summary":"CVE-2024-3660 affecting package keras 2.11.0-3","details":"A arbitrary code injection vulnerability in TensorFlow's Keras framework (\u003c2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.","modified":"2026-04-21T04:38:13.394537Z","published":"2024-04-16T21:15:08Z","upstream":["CVE-2024-3660"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3660"}],"affected":[{"package":{"name":"keras","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/keras"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.11.0-3"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67629.json"}}],"schema_version":"1.7.5"}