CVE-2025-0851

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library DJL on all platforms allows a bad actor to write files to arbitrary locations...

ai.djl.android:core (=0.30.0), ai.djl.android:onnxruntime (>=0.30.0 <=0.31.0) +79 more potentially affected by CVE-2025-0851 via ai.djl:api (>=0.2.0 <=0.31.0)

ai.djl:api MAVEN version =0.2.0, =0.30.0, =0.30.0, =0.30.0, =0.30.0, =0.30.0, =0.30.0, =0.30.0, =0.30.0, =0.30.0, =0.2.0, =0.2.0, =0.30.0, =0.30.0, =0.30.0, =0.31.0 and more Source cves: CVE-2025-0851 Source advisory: OSV:GHSA-JCRP-X7W3-FFMG...

CVE-2025-0851

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library DJL on all platforms allows a bad actor to write files to arbitrary locations...

CVE-2025-0851

creationtimestamp| type| source ---|---|--- 2025-01-29 21:46:35+00:00| seen| https://infosec.exchange/users/cve/statuses/113913835972390585 2025-01-29 22:16:24+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgvyoikrbk2p 2025-01-29 22:29:31+00:00| seen|...

CVE-2025-0851

CVE-2025-0851 affects Deep Java Library (DJL): the unzip (ZipUtils) and untar (TarUtils) extraction utilities contain a path traversal flaw that can cause artifacts to be written outside the intended destination when extracting archives. Affected versions are DJL 0.1.0 through 0.31.0; the issue i...

CVE-2025-0851 Path traversal issue in Deep Java Library

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library DJL on all platforms allows a bad actor to write files to arbitrary locations...