Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-36022: Use of unclaimed s3 bucket in tests and examples

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.

CVE
#vulnerability#google#git#java#maven

Package

maven org.deeplearning4j:dl4j-examples (Maven)

Affected versions

<=1.0.0-M2.1

maven org.deeplearning4j:platform-tests (Maven)

Description

Impact

People who use some older NLP examples that reference the old S3 bucket.

Patches

The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base.

Workarounds

Download a word2vec google news vector from a new source using git lfs from here: https://github.com/mmihaltz/word2vec-GoogleNews-vectors

References****For more information

If you have any questions or comments about this advisory:

  • Open an issue in example link to repo
  • Email us at deeplearning4j-dev mailing list

Related news

GHSA-rc39-g977-687w: Use of unclaimed s3 bucket in tests and examples

### Impact People who use some older NLP examples that reference the old S3 bucket. ### Patches The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base. ### Workarounds Download a word2vec google news vector from a new source using git lfs

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907