Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-rc39-g977-687w: Use of unclaimed s3 bucket in tests and examples

Impact

People who use some older NLP examples that reference the old S3 bucket.

Patches

The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base.

Workarounds

Download a word2vec google news vector from a new source using git lfs

ghsa
#vulnerability#web#google#git#java#maven

Package

maven org.deeplearning4j:dl4j-examples (Maven)

Affected versions

<= 1.0.0-M2.1

Patched versions

None

maven org.deeplearning4j:platform-tests (Maven)

<= 1.0.0-M2.1

None

Description

Impact

People who use some older NLP examples that reference the old S3 bucket.

Patches

The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base.

Workarounds

Download a word2vec google news vector from a new source using git lfs

References

  • GHSA-rc39-g977-687w
  • GHSA-rc39-g977-687w
  • https://nvd.nist.gov/vuln/detail/CVE-2022-36022
  • https://github.com/mmihaltz/word2vec-GoogleNews-vectors

eclipsewebmaster published the maintainer security advisory

Nov 10, 2022

Related news

CVE-2022-36022: Use of unclaimed s3 bucket in tests and examples

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.