Keras Path Traversal Vulnerability in tar Archive Extraction

A path traversal vulnerability has been identified in Keras version 3.11.3, specifically within the `keras.utils.get_file()` function when it extracts tar archives. The issue arises because the function utilizes Python's `tarfile.extractall()` method without the necessary security filter, allowing malicious tar files to bypass path safety checks and write files outside the designated extraction directory. This flaw can lead to arbitrary file writes beyond the cache directory, potentially compromising the system or enabling the execution of malicious code.

Impact

Exploitation of this vulnerability allows for arbitrary file writes outside the intended cache directory, with the potential for overwriting sensitive configuration files or injecting malicious scripts into application directories. Such actions could lead to a broader compromise of the user's system or application environment.

Reproduction

The vulnerability can be reproduced by downloading a malicious tar file using the `keras.utils.get_file()` function with the `extract` parameter set to true. The tar file should contain a symlink structure designed to exploit the PATH_MAX resolution bug, allowing files to be written outside the normal extraction path. Once the file is extracted, the exploited file will appear in a specified directory, confirming the vulnerability.

Remediation

To address this vulnerability, Keras should modify the extraction method to include the filter parameter, ensuring that tar files are processed safely. This can be done by using `tarfile.extractall(path, filter='data')` instead of the current approach.