Arbitrary Code Execution in Keras' load_model Function
Description
Keras' load_model function may execute arbitrary code when it is pointed at an untrusted file: a pickled model is deserialized with pickle, and an HDF5 model may contain Lambda layers whose serialized Python function is restored and run. The attacker-supplied code then runs when the model is loaded, trained, or evaluated.
Examples
Insecure Code

```python
import keras

# Loads whatever the file holds; a pickle payload or a Lambda layer
# carrying serialized code runs during deserialization.
keras.models.load_model('vulnerable_model.pkl')
```

Secure Code

```python
import keras

# Built-in file format; compile=False skips restoring optimizer/loss objects.
# On Keras 3, leave the default safe_mode=True in place so that Lambda layers
# serialized as Python bytecode are refused instead of executed.
keras.models.load_model('safe_model.h5', compile=False)
```

Remediation
Use the built-in file format and ensure checks are not disabled when loading models with Keras. Validate and sanitize user-inputted model files to prevent deserialization of untrusted data.
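One way to apply the "validate before loading" guidance is to gate on the container's magic bytes and, for a `.keras` archive, walk its `config.json` for layers that can carry Python code before `load_model` is ever called. The following is an added example, not code from the rule or from Keras; the magic-byte constants are standard, while the `function_type: "lambda"` (Keras 2) and `class_name: "__lambda__"` (Keras 3) markers are assumptions about how Keras serializes function bodies. The sample archives are constructed inline.

```python
import io
import json
import zipfile

# Magic bytes decide which loader path a file would take, regardless of its extension.
HDF5_MAGIC = b"\x89HDF\r\n\x1a\n"   # HDF5 container (legacy .h5 models)
ZIP_MAGIC = b"PK\x03\x04"           # zip container (.keras archives)
PICKLE_MAGIC = b"\x80"              # pickle protocol 2+ header byte

# Layer classes that restore user-supplied Python callables on load.
UNSAFE_LAYER_CLASSES = {"Lambda"}


def classify_model_bytes(data: bytes) -> str:
    """Classify a model file by its leading bytes, not by its file name."""
    if data.startswith(HDF5_MAGIC):
        return "hdf5"
    if data.startswith(ZIP_MAGIC):
        return "keras"
    if data.startswith(PICKLE_MAGIC):
        return "pickle"
    return "unknown"


def find_code_bearing_layers(config) -> list:
    """Walk a Keras model config and collect nodes that can carry Python code."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            cls = node.get("class_name")
            if cls in UNSAFE_LAYER_CLASSES:
                name = node.get("config", {}).get("name", "<unnamed>")
                findings.append(f"{path}: {cls} layer '{name}'")
            # Assumed markers for a serialized function body (marshalled bytecode):
            # Keras 2 uses "function_type": "lambda", Keras 3 uses class_name "__lambda__".
            if node.get("function_type") == "lambda" or cls == "__lambda__":
                findings.append(f"{path}: serialized function bytecode")
            for key, value in node.items():
                walk(value, f"{path}.{key}")
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")

    walk(config, "$")
    return findings


def audit_model_bytes(data: bytes) -> dict:
    """Return a verdict for a model file before it is handed to load_model."""
    kind = classify_model_bytes(data)
    if kind == "pickle":
        return {"kind": kind, "allowed": False, "findings": ["pickle: refuse outright"]}
    if kind == "keras":
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            config = json.loads(archive.read("config.json"))
        findings = find_code_bearing_layers(config)
        return {"kind": kind, "allowed": not findings, "findings": findings}
    if kind == "hdf5":
        # Reading the embedded model_config attribute needs h5py; without it the
        # gate can only report the container type, so fail closed.
        return {"kind": kind, "allowed": False,
                "findings": ["hdf5: inspect model_config with h5py before loading"]}
    return {"kind": kind, "allowed": False, "findings": ["unknown container"]}


def build_sample_archive(layers: list) -> bytes:
    """Constructed fixture: a minimal .keras-style zip holding only config.json."""
    config = {"class_name": "Sequential", "config": {"name": "m", "layers": layers}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("config.json", json.dumps(config))
    return buf.getvalue()


# Constructed fixtures: a Dense-only model and one carrying a Lambda layer
# whose function is stored as serialized code (placeholder body).
BENIGN = build_sample_archive(
    [{"class_name": "Dense", "config": {"name": "d", "units": 4}}])
TAINTED = build_sample_archive(
    [{"class_name": "Lambda", "config": {
        "name": "payload",
        "function": {"class_name": "__lambda__", "config": {"code": "<placeholder>"}}}}])
PICKLE_BLOB = b"\x80\x04\x95"  # constructed: just a pickle protocol header


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("tainted", TAINTED), ("pickle", PICKLE_BLOB)):
        print(label, audit_model_bytes(blob))
```

The check is deliberately conservative: any Lambda layer is reported even if its function turns out to be a harmless named function, because deciding that requires executing the deserialization the rule warns against. For HDF5 files the same walk can be run over the JSON in the file's `model_config` attribute once h5py is available.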
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0805 |
| Category | Deserialization |
| Severity | CRITICAL |
| CWE | CWE-502 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | arbitrary code execution, deserialization |
| OWASP | N/A |