### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjqc-jx6g-rwp9. This link is maintained to preserve external references. ### Original Description Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX sy…
GHSA-9g7v-8wxv-mwxp: Duplicate Advisory: Keras keras.utils.get_file API is vulnerable to a path traversal attack
Keras version 3.11.3 has a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives due to missing security parameters.