CVE-2024-37902: DeepJavaLibrary (DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not pre
Summary
DeepJavaLibrary (DJL), a framework for building deep learning applications in Java, has a path traversal vulnerability (CWE-22, a flaw where an attacker can access files outside intended directories) in versions 0.1.0 through 0.27.0. The flaw allows attackers to overwrite system files by supplying an archive whose entries use absolute paths, so that the archived files are written directly into the system instead of the intended directory.
Solution / Mitigation
Upgrade to DJL version 0.28.0 or patch to DJL Large Model Inference containers version 0.27.0.
Vulnerability Details
10 (critical)
EPSS: 0.3%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-37902
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%