---
license: mit
library_name: keras
tags:
- security
- research
- poc
---

# Keras HDF5 Security Research Artifact

This repository contains a Proof of Concept (PoC) to demonstrate a Stored Code Injection vulnerability in the Keras HDF5 model format.

**Intended Use:**
This artifact is for educational purposes, security research, and bug bounty verification only. It demonstrates how Lambda layers in legacy HDF5 files can trigger code execution upon load.

**Contents:**
- `malicious_model.h5`: A Keras model containing a Lambda layer with injected bytecode.
- `keras_injector.py`: The generation script used to create the artifact (for verification).

**Verification:**
Loading this model with `safe_mode=False` will trigger a safe network callback to verify execution flow.