Headline
CVE-2022-36022: Use of unclaimed s3 bucket in tests and examples
Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.
Package
maven org.deeplearning4j:dl4j-examples (Maven)
Affected versions
<=1.0.0-M2.1
maven org.deeplearning4j:platform-tests (Maven)
Description
Impact
People who use some older NLP examples that reference the old S3 bucket.
Patches
The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base.
Workarounds
Download a word2vec google news vector from a new source using git lfs from here: https://github.com/mmihaltz/word2vec-GoogleNews-vectors
References****For more information
If you have any questions or comments about this advisory:
- Open an issue in example link to repo
- Email us at deeplearning4j-dev mailing list
Related news
### Impact People who use some older NLP examples that reference the old S3 bucket. ### Patches The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base. ### Workarounds Download a word2vec google news vector from a new source using git lfs