EUVD-2025-0175

Malicious code in bioql PyPI...

CVE-2025-0851

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library DJL on all platforms allows a bad actor to write files to arbitrary locations...

The vulnerabilities of the unzip() and untar() functions in the Deep Java Library (DJL) allow a hacker to write arbitrary files.

The vulnerability of the unzip and untar functions in the Deep Java Library DJL is related to improper external handling of file names or paths. Exploiting this vulnerability allows a malicious actor to write any files they desire remotely...

Path Traversal

Deep Java Library DJL is vulnerable to a Path Traversal. The vulnerability is due to insufficient validation of file paths in the ZipUtils.unzip and TarUtils.untar methods, allows an attacker to manipulate file paths, enabling them to write files to arbitrary locations on the system...

GHSA-JCRP-X7W3-FFMG Deep Java Library path traversal issue

Summary Deep Java Library DJL is an open-source, high-level, engine-agnostic Java framework for deep learning. DJL is designed to be easy to get started with and simple to use for Java developers. DJL provides a native Java development experience and functions like any other regular Java library...

Deep Java Library path traversal issue

Summary Deep Java Library DJL is an open-source, high-level, engine-agnostic Java framework for deep learning. DJL is designed to be easy to get started with and simple to use for Java developers. DJL provides a native Java development experience and functions like any other regular Java library...

CVE-2025-0851

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library DJL on all platforms allows a bad actor to write files to arbitrary locations...

CVE-2025-0851

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library DJL on all platforms allows a bad actor to write files to arbitrary locations...

CVE-2025-0851 Path traversal issue in Deep Java Library

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library DJL on all platforms allows a bad actor to write files to arbitrary locations...

CVE-2025-0851

CVE-2025-0851 affects Deep Java Library (DJL): the unzip (ZipUtils) and untar (TarUtils) extraction utilities contain a path traversal flaw that can cause artifacts to be written outside the intended destination when extracting archives. Affected versions are DJL 0.1.0 through 0.31.0; the issue i...

CVE-2025-0851 Path traversal issue in Deep Java Library

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library DJL on all platforms allows a bad actor to write files to arbitrary locations...

Deep Java Library 安全漏洞

Deep Java Library is an open source, high-level, engine-independent deep learning Java framework from Deep Java Library Open Source. A security vulnerability exists in Deep Java Library versions prior to 0.31.1, which stems from a path traversal issue in ZipUtils.unzip and TarUtils.untar that...

PT-2025-4075

Name of the Vulnerable Software and Affected Versions Deep Java Library DJL versions 0.1.0 through 0.31.0 Description A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library DJL on all platforms allows a bad actor to write files to arbitrary locations. This issue exists d...

Deep Java Library path traversal issue

Deep Java Library DJL is an open-source, high-level, engine-agnostic Java framework for deep learning. DJL is designed to be easy to get started with and simple to use for Java developers. DJL provides a native Java development experience and functions like any other regular Java library. DJL...

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence AI and machine learning ML models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI...

The vulnerability of the Deep Java Library (DJL) related to incorrect path name restrictions for restricted access directories allows attackers to overwrite system files.

The vulnerability of the Deep Java Library DJL is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to re-record system files remotely...

CVE-2024-37902 Path thraversal in DeepJavaLibrary

DeepJavaLibraryDJL is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

Deep Java Library Security Vulnerability

Deep Java Library is an open source, high-level, engine-independent deep learning Java framework from Deep Java Library Open Source. A security vulnerability exists in Deep Java Library version 0.1.0 up to and including version 0.27.0, which stems from a vulnerability that will not prevent an...

Deep Java Library Security Vulnerability

Deep Java Library is an open source, high-level, engine-independent deep learning Java framework from Deep Java Library Open Source. A security vulnerability exists in Deep Java Library that stems from improper validation of file paths during tar file extraction...