Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yYzM5LWc5NzctNjg3d84AAv0X
Use of unclaimed s3 bucket in tests and examples
Impact
Users of some older NLP examples that reference the old S3 bucket are affected.
Patches
The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this, since the vulnerability mostly affects examples and one class in the actual code base.
Workarounds
Download the word2vec Google News vectors from a new source using Git LFS.
Permalink: https://github.com/advisories/GHSA-rc39-g977-687w
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yYzM5LWc5NzctNjg3d84AAv0X
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-rc39-g977-687w, CVE-2022-36022
References:
- https://github.com/deeplearning4j/deeplearning4j/security/advisories/GHSA-rc39-g977-687w
- https://github.com/eclipse/deeplearning4j/security/advisories/GHSA-rc39-g977-687w
- https://nvd.nist.gov/vuln/detail/CVE-2022-36022
- https://github.com/mmihaltz/word2vec-GoogleNews-vectors
- https://github.com/advisories/GHSA-rc39-g977-687w
Blast Radius: 1.0
Affected Packages
maven:org.deeplearning4j:dl4j-examples
Affected Version Ranges: <= 1.0.0-M2.1
No known fixed version
maven:org.deeplearning4j:platform-tests
Affected Version Ranges: <= 1.0.0-M2.1
No known fixed version