Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36022

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.

Published

2022-11-10T18:15:10.577

Last Modified

2024-11-21T07:12:12.230

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-344
Type: Primary
CWE-330

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	eclipse	deeplearning4j	< 1.0.0	Yes
Application	eclipse	deeplearning4j	1.0.0	Yes
Application	eclipse	deeplearning4j	1.0.0	Yes
Application	eclipse	deeplearning4j	1.0.0	Yes
Application	eclipse	deeplearning4j	1.0.0	Yes
Application	eclipse	deeplearning4j	1.0.0	Yes
Application	eclipse	deeplearning4j	1.0.0	Yes

References

https://github.com/eclipse/deeplearning4j/security/advisories/GHSA-rc39-g977-687w Third Party Advisory ([email protected])
https://github.com/mmihaltz/word2vec-GoogleNews-vectors Third Party Advisory ([email protected])
https://github.com/eclipse/deeplearning4j/security/advisories/GHSA-rc39-g977-687w Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mmihaltz/word2vec-GoogleNews-vectors Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)