Keras HDF5 Security Research Artifact
This repository contains a Proof of Concept (PoC) to demonstrate a Stored Code Injection vulnerability in the Keras HDF5 model format.
Intended Use: This artifact is for educational purposes, security research, and bug bounty verification only. It demonstrates how Lambda layers in legacy HDF5 files can trigger code execution upon load.
Contents:
- malicious_model.h5: A Keras model containing a Lambda layer with injected bytecode.
- keras_injector.py: The generation script used to create the artifact (for verification).
Verification:
Loading this model with safe_mode=False will trigger a safe network callback to verify execution flow.
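A pre-load check for the condition described above, as an added example that is not part of this repository: it parses the architecture JSON that a legacy HDF5 model keeps in its root `model_config` attribute and lists every Lambda layer, flagging those that carry a serialized function, without building the model. The function names, the constructed `SAMPLE_CONFIG` and the use of `h5py` are assumptions of this example.

```python
import json

# Constructed sample: the shape of a legacy model_config with one Lambda layer.
# The "function" payload is a placeholder string, not real marshalled bytecode.
SAMPLE_CONFIG = json.dumps({
    "class_name": "Sequential",
    "config": {"name": "seq", "layers": [
        {"class_name": "Dense", "config": {"name": "d1", "units": 4}},
        {"class_name": "Lambda", "config": {
            "name": "l1",
            "function": ["PLACEHOLDER_BASE64", None, None],
            "function_type": "lambda"}},
    ]},
})


def find_lambda_layers(model_config_json):
    """Return [(layer_name, carries_serialized_code)] for every Lambda layer,
    including ones inside nested models. Parses JSON only; nothing is loaded."""
    findings = []

    def walk(node):
        if isinstance(node, dict):
            cfg = node.get("config")
            if node.get("class_name") == "Lambda" and isinstance(cfg, dict):
                fn = cfg.get("function")
                # Legacy files: function_type == "lambda" with a list payload.
                # Keras 3 style: a {"class_name": "__lambda__", ...} dict.
                serialized = cfg.get("function_type") == "lambda" or (
                    isinstance(fn, dict) and fn.get("class_name") == "__lambda__")
                findings.append((cfg.get("name"), bool(serialized)))
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(json.loads(model_config_json))
    return findings


def audit_h5(path):
    """Read model_config from an .h5 file without constructing the model."""
    import h5py  # assumption: h5py is installed where this runs
    with h5py.File(path, "r") as f:
        raw = f.attrs.get("model_config")
    if raw is None:  # e.g. a weights-only file
        return []
    return find_lambda_layers(raw.decode() if isinstance(raw, bytes) else raw)
```

A non-empty result with `True` entries means the file should not be loaded with `safe_mode=False` outside an isolated environment.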