CVE-2024-37902

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-37902

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37902.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-37902

Aliases

Related

Published

2024-06-17T20:15:14Z

Modified

2025-02-18T19:52:40Z

Summary

[none]

Details

DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers version 0.27.0. Users are advised to upgrade.

References

Affected packages

Git / github.com/deepjavalibrary/djl

Affected ranges

Type: GIT
Repo: https://github.com/deepjavalibrary/djl
Events: Introduced

7db1ab8f28ccf374c504ff281fd83a72a0255b03

Last affected

32859b7326d0791be1190439cc98accac684d0f0