A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.
https://www.scmagazine.com/news/tensorflow-ai-models-at-risk-due-to-keras-api-flaw
https://kb.cert.org/vuls/id/253266