{"data":{"id":"08c4f7b8-e2b5-42d4-a94b-98e96a264e99","title":"CVE-2024-37902: DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not pre","summary":"DeepJavaLibrary (DJL), a framework for building deep learning applications in Java, has a path traversal vulnerability (CWE-22, a flaw where an attacker can access files outside intended directories) in versions 0.1.0 through 0.27.0. Archived files with absolute paths are not blocked and are inserted directly at those paths, which allows attackers to overwrite system files.","solution":"Upgrade to DJL version 0.28.0, or to DJL Large Model Inference containers version 0.27.0, where the issue is patched.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-37902","publishedAt":"2024-06-17T20:15:14.463Z","cveId":"CVE-2024-37902","cweIds":["CWE-22"],"cvssScore":"10","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["DeepJavaLibrary (DJL)"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00288,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}