YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
Keras Native safe-mode Lambda callable gadget PoC
This repository contains a minimized Keras Native .keras model for a Huntr disclosure against keras-team/keras commit a1f5499d6251.
File
plot_gallery_gadget.keras: loads withkeras.saving.load_model(..., safe_mode=True)and writes/tmp/keras_gallery_write.pngwhen called for inference.
Expected behavior
import keras, numpy as np, os
m = keras.saving.load_model("plot_gallery_gadget.keras", safe_mode=True)
m(np.zeros((1, 8, 8, 3), dtype="float32"))
print(os.path.exists("/tmp/keras_gallery_write.png"))
Expected output:
True
No arbitrary code execution is claimed. This demonstrates a Keras Native model-file callable gadget that performs attacker-selected file writes despite safe-mode loading.
- Downloads last month
- 20
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support