CVE-2024-3660
#20464
Replies: 1 comment 1 reply
-
|
The vulnerability consists of saying "unpickling unstrusted code on your machine is unsafe", which, duh. So you can ignore the vulnerability report entirely. It's not a Keras vulnerability. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Ok, but security departments are not thinking in this way. They just say "eliminate this cve from your image". |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Some of our customers uses vulnerability check platforms for docker images. Our application is using tensorflow and it is a bit older and it uses tensorflow[and-cuda] == 2.12.0 and it uses keras below version 2.13. nd it is said that i must use Keras 2.13+. But i dont know how tensorflow adapt to this issue. I couldnt find the solution from internet. One way is install Keras 2.13 but i am not sure if my code still works fine or not. Can aynone help me? I think it is really huge amount of change to upgrade my tensorflow to latest because of python 3.8 requirements. I have bunch of other packages used in my project. And changing them all is huge.
Beta Was this translation helpful? Give feedback.
All reactions