Headline
GHSA-rc39-g977-687w: Use of unclaimed s3 bucket in tests and examples
Impact
People who use some older NLP examples that reference the old S3 bucket.
Patches
The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base.
Workarounds
Download a word2vec google news vector from a new source using git lfs
Package
maven org.deeplearning4j:dl4j-examples (Maven)
Affected versions
<= 1.0.0-M2.1
Patched versions
None
maven org.deeplearning4j:platform-tests (Maven)
<= 1.0.0-M2.1
None
Description
Impact
People who use some older NLP examples that reference the old S3 bucket.
Patches
The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base.
Workarounds
Download a word2vec google news vector from a new source using git lfs
References
- GHSA-rc39-g977-687w
- GHSA-rc39-g977-687w
- https://nvd.nist.gov/vuln/detail/CVE-2022-36022
- https://github.com/mmihaltz/word2vec-GoogleNews-vectors
eclipsewebmaster published the maintainer security advisory
Nov 10, 2022
Related news
Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.