{"data":{"id":"1dee3c85-e7fc-453d-acd4-4532024dca2a","title":"CVE-2022-36022: Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearn","summary":"Deeplearning4J (a tool for building machine learning models on Java systems) versions up to 1.0.0-M2.1 have a vulnerability where some test code references unclaimed S3 buckets (cloud storage spaces that no longer belong to the original owner), which could potentially be exploited by attackers who claim those buckets. This mainly affects older natural language processing examples in the software.","solution":"Users should upgrade to snapshots (development versions) of Deeplearning4J. A full release with the fix is planned for a later date. As a workaround, download a word2vec Google News vector (a pre-trained language model) from a new source using git lfs (a system for managing large files in code repositories).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-36022","publishedAt":"2022-11-10T18:15:10.577Z","cveId":"CVE-2022-36022","cweIds":["CWE-344","CWE-330"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Deeplearning4J"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0022,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-20"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}