CVE-2024-3660
#20464
Replies: 1 comment 1 reply
-
|
The vulnerability consists of saying "unpickling unstrusted code on your machine is unsafe", which, duh. So you can ignore the vulnerability report entirely. It's not a Keras vulnerability. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Ok, but security departments are not thinking in this way. They just say "eliminate this cve from your image". |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Some of our customers uses vulnerability check platforms for docker images. Our application is using tensorflow and it is a bit older and it uses tensorflow[and-cuda] == 2.12.0 and it uses keras below version 2.13. nd it is said that i must use Keras 2.13+. But i dont know how tensorflow adapt to this issue. I couldnt find the solution from internet. One way is install Keras 2.13 but i am not sure if my code still works fine or not. Can aynone help me? I think it is really huge amount of change to upgrade my tensorflow to latest because of python 3.8 requirements. I have bunch of other packages used in my project. And changing them all is huge.
Beta Was this translation helpful? Give feedback.
All reactions