by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
ip-utils is a library of useful functions related to IP addresses.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper handling of non-standard IP address representations. The isPrivate() function fails to recognise certain private IP addresses when they are written in hexadecimal (for example 0x7f.0.0.1) or octal (0177.0.0.1) notation, so an address that the underlying resolver still interprets as a private host can pass the check.
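The failure mode above is a parser mismatch: the allow/deny check understands only canonical dotted-decimal, while the library that later opens the connection accepts the older inet_aton() forms (hex, octal, fewer than four components, a single integer). The following is an added example, not code from ip-utils; it normalises every inet_aton()-style literal to dotted-decimal before classifying it, and it shows the naive "unparseable means public" check beside a fail-closed one. The grammar for each component is an assumption that mirrors the common inet_aton() rules; IPv6 is out of scope.

```python
import ipaddress
import re

# Component grammar mirroring classic inet_aton(): 0x-prefixed hex, leading-0
# octal, otherwise decimal. int() is deliberately not applied to raw input,
# because int() also accepts "+1", "1_0" and surrounding whitespace.
_HEX = re.compile(r"^0[xX][0-9a-fA-F]+$")
_OCT = re.compile(r"^0[0-7]+$")
_DEC = re.compile(r"^(0|[1-9][0-9]*)$")


def _parse_part(part: str):
    """Parse one dot-separated component; return its integer value or None."""
    if _HEX.match(part):
        return int(part[2:], 16)
    if _OCT.match(part):
        return int(part, 8)
    if _DEC.match(part):
        return int(part, 10)
    return None


def inet_aton_int(text: str):
    """Interpret an IPv4 literal the way inet_aton() does and return a 32-bit
    integer, or None if the text is not a valid literal.

    Accepted shapes: a, a.b, a.b.c, a.b.c.d. The last component fills the
    remaining low-order bytes, so "127.1" and "2130706433" are both 127.0.0.1.
    """
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    *leading, last = values
    last_bits = 8 * (4 - len(leading))  # bytes not covered by leading parts
    if any(v > 0xFF for v in leading) or last >= (1 << last_bits):
        return None
    result = 0
    for v in leading:
        result = (result << 8) | v
    return (result << last_bits) | last


def canonical_ipv4(text: str):
    """Dotted-decimal form of any inet_aton()-style literal, or None."""
    value = inet_aton_int(text)
    return None if value is None else str(ipaddress.IPv4Address(value))


def is_private_naive(text: str) -> bool:
    """The bug pattern: only canonical dotted-decimal is understood, and any
    other spelling is silently classified as public."""
    try:
        return ipaddress.ip_address(text).is_private
    except ValueError:
        return False


def is_private_strict(text: str) -> bool:
    """Normalise first, then classify. Anything that cannot be normalised is
    treated as private (fail closed) so it never reaches the outbound fetch."""
    value = inet_aton_int(text)
    if value is None:
        return True
    addr = ipaddress.IPv4Address(value)
    return addr.is_private or addr.is_loopback or addr.is_link_local
```

Compare is_private_naive("0x7f.0.0.1") with is_private_strict("0x7f.0.0.1"): the first returns False because ipaddress refuses the hex spelling, the second returns True because the literal normalises to 127.0.0.1. The other defensible design is to reject every non-canonical spelling outright; either way, the check and the connector must agree on what a string means.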
keras is a high-level neural networks API for Python.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load_model() function, which uses pickle for serialization. An attacker can execute code even if safe_mode is set to True by supplying a malicious .keras file: the included config.json can be manipulated to point to and load npz model files containing executable code.
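The root cause is the pickle format itself: a pickle stream can name any importable callable and its arguments, and the loader calls it. A higher-level switch such as safe_mode does not change what pickle executes once a stream reaches it. The following is an added example, not Keras code; it uses a constructed marker callable in place of an attacker's real one and shows the vulnerable load, a static scan of the globals a stream would import (using pickletools, without executing anything), and a restricted unpickler that refuses every global lookup.

```python
import io
import pickle
import pickletools

# Side-effect log so the test can observe that loading ran code.
# Assumption: record_execution stands in for an attacker's real callable.
EXECUTED = []


def record_execution(message: str) -> str:
    EXECUTED.append(message)
    return message


class MarkerPayload:
    """Its pickle stream tells the loader to call record_execution()."""

    def __reduce__(self):
        return (record_execution, ("payload ran",))


def build_payload() -> bytes:
    """Constructed sample of an attacker-controlled serialized blob."""
    return pickle.dumps(MarkerPayload())


def benign_sample() -> bytes:
    """Constructed sample of data a weights file legitimately needs."""
    return pickle.dumps({"weights": [1.0, 2.0]})


def naive_load(data: bytes):
    """Vulnerable pattern: pickle.loads() on untrusted bytes.
    Returns the side effects observed while loading."""
    EXECUTED.clear()
    pickle.loads(data)
    return list(EXECUTED)


def scan_globals(data: bytes):
    """Static precheck: every (module, name) the stream would import, found
    without executing it. GLOBAL (protocol <= 3) carries "module name" as its
    argument; STACK_GLOBAL (protocol >= 4) takes the two preceding strings."""
    found = []
    recent_strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            found.append((recent_strings[-2], recent_strings[-1]))
        elif isinstance(arg, str):
            recent_strings.append(arg)
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global lookup. Plain containers and numbers need none,
    so a stream that requests one is asking to run code. A real loader would
    allowlist the exact classes its format legitimately needs."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def restricted_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def pickle_is_rejected(data: bytes) -> bool:
    try:
        restricted_load(data)
    except pickle.UnpicklingError:
        return True
    return False
```

scan_globals(build_payload()) lists the record_execution callable before anything runs, which is the check to apply to any embedded pickle (an npz archive with object arrays included) before handing it to a loader. The restricted unpickler then turns the same stream into an error instead of a function call, while benign_sample() loads normally.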
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket creation endpoint. In createServiceFactory, external entities referenced in the CreateBucketConfiguration XML document are resolved and retrieved. This allows attackers to perform server-side request forgery (SSRF) attacks or expose information from internal URLs that are not meant to be accessible.
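A CreateBucketConfiguration document never legitimately needs a DOCTYPE, so the simplest hardening is to reject any request that carries one before the XML is parsed at all. The following is an added example, not the affected project's code; both XML samples are constructed, the internal URL is a placeholder, and the parser used is Python's expat. The first function shows what a resolver-enabled parser would fetch by recording the system identifier instead of retrieving it; the second is the hardened request handler.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed samples. The hostile one declares an external entity in the
# internal DTD subset and dereferences it inside the element the endpoint reads.
BENIGN_XML = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b"<CreateBucketConfiguration>"
    b"<LocationConstraint>us-west-2</LocationConstraint>"
    b"</CreateBucketConfiguration>"
)

HOSTILE_XML = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b"<!DOCTYPE CreateBucketConfiguration ["
    b'<!ENTITY loc SYSTEM "http://internal.example.invalid/metadata">'
    b"]>"
    b"<CreateBucketConfiguration>"
    b"<LocationConstraint>&loc;</LocationConstraint>"
    b"</CreateBucketConfiguration>"
)


def external_refs_requested(data: bytes):
    """What a resolving parser would fetch: expat calls ExternalEntityRefHandler
    for each external entity used in content. We log the system id and return 1
    (continue) instead of opening it."""
    requested = []
    parser = expat.ParserCreate()

    def on_external_ref(context, base, system_id, public_id):
        requested.append(system_id)
        return 1

    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)
    return requested


def _has_doctype(data: bytes) -> bool:
    """Structural check via expat's declaration callback rather than a regex,
    so comments or CDATA cannot disguise the DOCTYPE. Malformed input counts
    as rejected too."""
    seen = []
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = (
        lambda name, system_id, public_id, has_internal: seen.append(name)
    )
    try:
        parser.Parse(data, True)
    except expat.ExpatError:
        return True
    return bool(seen)


def parse_create_bucket_config(data: bytes) -> str:
    """Hardened handler: refuse any DOCTYPE, then read LocationConstraint."""
    if _has_doctype(data):
        raise ValueError("DOCTYPE and entity declarations are not allowed")
    root = ET.fromstring(data)
    if root.tag != "CreateBucketConfiguration":
        raise ValueError("unexpected root element")
    return root.findtext("LocationConstraint", default="").strip()


def request_is_rejected(data: bytes) -> bool:
    try:
        parse_create_bucket_config(data)
    except (ValueError, ET.ParseError):
        return True
    return False
```

external_refs_requested(HOSTILE_XML) returns the internal URL the server would have contacted; that is the SSRF. In languages whose default XML parser resolves entities, the equivalent fix is to disable DTD processing and external entity resolution on the parser itself, and to keep the DOCTYPE rejection as a second line of defence.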