CVE-2022-36022

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-36022
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36022.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-36022
Aliases
Published
2022-11-10T00:00:00Z
Modified
2025-11-19T02:35:26.674034Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Some Deeplearning4J packages use unclaimed s3 bucket in tests and examples
Details

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.

Database specific 
{
    "cwe_ids": [
        "CWE-344"
    ]
}
References

Affected packages

Git / github.com/eclipse/deeplearning4j

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/deeplearning4j
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f775f84e8ff25e96116af2b24ac7b1052d59f4b5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0-M2.1"
        }
    ]
}