[GHSA-xfhx-r7ww-5995] Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component#6956
Pull request overview
This pull request updates the security advisory GHSA-xfhx-r7ww-5995 for a Google Keras vulnerability (CVE-2026-0897) related to resource allocation without limits or throttling in the HDF5 weight loading component. The PR documents that the security fix was backported to version 3.12.1 in addition to the main fix in version 3.13.1.
Changes:
- Added a new affected package entry documenting the backport to version 3.12.1
- Added a reference to the backport pull request (PR #22081)
- Updated the modified timestamp
```json
{
  "package": {
    "ecosystem": "PyPI",
    "name": "keras"
  },
  "ranges": [
    {
      "type": "ECOSYSTEM",
      "events": [
        {
          "introduced": "3.0.0"
        },
        {
          "fixed": "3.12.1"
        }
      ]
    }
  ],
  "database_specific": {
    "last_known_affected_version_range": "<= 3.12.0"
  }
}
```
The second affected package entry has overlapping version ranges with the first entry. Both entries cover the same package (keras from PyPI) but specify conflicting information:
- First entry: versions 3.0.0 to 3.13.1 are affected (fixed in 3.13.1)
- Second entry: versions 3.0.0 to 3.12.1 are affected (fixed in 3.12.1)
This creates a logical contradiction for versions 3.0.0 through 3.12.0 - they appear in both ranges but with different fix versions. According to conventions observed in similar advisories (e.g., GHSA-595p-g7xc-c333, GHSA-5rfx-cp42-p624), when a fix is backported to multiple version lines, the ranges should be non-overlapping.
If the fix was backported to both 3.12.1 and 3.13.1, the likely correct structure would be:
- Range 1: introduced at 3.0.0, fixed in 3.12.1 (covers 3.0.0 to 3.12.0 inclusive)
- Range 2: introduced at 3.13.0, fixed in 3.13.1 (covers only 3.13.0)
This would indicate that versions 3.12.1 through 3.12.x are not vulnerable (if they exist), while 3.13.0 is vulnerable but 3.13.1 fixes it.
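The practical consequence of the overlap is easy to miss when reading the JSON by eye: OSV `ECOSYSTEM` ranges are half-open (`introduced` <= v < `fixed`), a version is affected if any entry for the package covers it, and the two layouts above therefore give different answers for 3.12.1. The script below is an added example, not part of this PR or of any GHSA/OSV tooling; it encodes both layouts as constructed sample data, evaluates the range events the way OSV defines them, reports which entries cover a given Keras version, and flags entry pairs for the same package whose intervals intersect. It assumes plain dotted-integer versions, which holds for the Keras releases discussed here.

```python
"""Evaluate OSV 'affected' ranges and flag overlapping entries for one package.

Added example for the review discussion above; constructed data, not the advisory file itself.
"""
import itertools
import json

# Constructed sample: the two entries as submitted in the PR (same package, both start at 3.0.0).
AS_SUBMITTED = json.loads("""
{"affected": [
  {"package": {"ecosystem": "PyPI", "name": "keras"},
   "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "3.0.0"}, {"fixed": "3.13.1"}]}]},
  {"package": {"ecosystem": "PyPI", "name": "keras"},
   "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "3.0.0"}, {"fixed": "3.12.1"}]}]}
]}""")

# Constructed sample: the non-overlapping layout the review comment proposes.
NON_OVERLAPPING = json.loads("""
{"affected": [
  {"package": {"ecosystem": "PyPI", "name": "keras"},
   "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "3.0.0"}, {"fixed": "3.12.1"}]}]},
  {"package": {"ecosystem": "PyPI", "name": "keras"},
   "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "3.13.0"}, {"fixed": "3.13.1"}]}]}
]}""")


def parse_version(v):
    """Dotted-integer version string -> comparable tuple (assumption: no pre-release suffixes)."""
    return tuple(int(part) for part in v.split("."))


def intervals(rng):
    """Walk an ECOSYSTEM range's events into (lo, hi, inclusive) intervals.

    'introduced' opens an interval ("0" means from the first version), 'fixed' closes it
    half-open, 'last_affected' closes it inclusively; an unclosed interval is unbounded.
    """
    out, lo = [], None
    for ev in rng["events"]:
        if "introduced" in ev:
            lo = (0,) if ev["introduced"] == "0" else parse_version(ev["introduced"])
        elif "fixed" in ev:
            out.append((lo, parse_version(ev["fixed"]), False))
            lo = None
        elif "last_affected" in ev:
            out.append((lo, parse_version(ev["last_affected"]), True))
            lo = None
    if lo is not None:
        out.append((lo, None, False))
    return out


def entry_intervals(entry):
    return [iv for r in entry["ranges"] if r["type"] == "ECOSYSTEM" for iv in intervals(r)]


def contains(iv, ver):
    lo, hi, inclusive = iv
    if ver < lo:
        return False
    if hi is None:
        return True
    return ver <= hi if inclusive else ver < hi


def affected_entries(advisory, ecosystem, name, version):
    """Indices of 'affected' entries covering `version`; any hit means the version is affected."""
    ver = parse_version(version)
    return [i for i, e in enumerate(advisory["affected"])
            if e["package"] == {"ecosystem": ecosystem, "name": name}
            and any(contains(iv, ver) for iv in entry_intervals(e))]


def is_affected(advisory, ecosystem, name, version):
    return bool(affected_entries(advisory, ecosystem, name, version))


def _intersects(x, y):
    """Two intervals intersect iff each starts before the other ends (respecting half-open ends)."""
    def starts_before_end(start, iv):
        _, hi, inclusive = iv
        return True if hi is None else (start <= hi if inclusive else start < hi)
    return starts_before_end(x[0], y) and starts_before_end(y[0], x)


def overlapping_entries(advisory):
    """Pairs of entry indices for the same package whose version intervals intersect."""
    entries = advisory["affected"]
    return [(i, j) for i, j in itertools.combinations(range(len(entries)), 2)
            if entries[i]["package"] == entries[j]["package"]
            and any(_intersects(a, b) for a in entry_intervals(entries[i])
                    for b in entry_intervals(entries[j]))]


if __name__ == "__main__":
    for label, adv in (("as submitted", AS_SUBMITTED), ("non-overlapping", NON_OVERLAPPING)):
        print(f"{label}: overlapping entry pairs = {overlapping_entries(adv)}")
        for v in ("3.12.0", "3.12.1", "3.13.0", "3.13.1"):
            print(f"  keras {v}: affected={is_affected(adv, 'PyPI', 'keras', v)}"
                  f" via entries {affected_entries(adv, 'PyPI', 'keras', v)}")
```

Run as-is: the submitted layout reports entries 0 and 1 as overlapping and still marks 3.12.1 affected, because the first entry's `fixed: 3.13.1` covers it even though the backport fixed it; the non-overlapping layout marks 3.12.1 clean and 3.13.0 affected, which is the intent the PR describes.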
Hi @maksim-m! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!
The security fix was backported to 3.12.1: keras-team/keras#22081