CVE-2022-36022

CVSS V2 None CVSS V3 Medium 5.3
Description
Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.
Overview
  • CVE ID
  • CVE-2022-36022
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-11-10T18:15:10
  • Last Modified Date
  • 2022-11-15T20:27:44
Weakness Enumerations
CWE URL
CWE-330 http://cwe.mitre.org/data/definitions/330.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:eclipse:deeplearning4j:*:*:*:*:*:*:*:* 1 OR 1.0.0
cpe:2.3:a:eclipse:deeplearning4j:1.0.0:beta5:*:*:*:*:*:* 1 OR
cpe:2.3:a:eclipse:deeplearning4j:1.0.0:beta6:*:*:*:*:*:* 1 OR
cpe:2.3:a:eclipse:deeplearning4j:1.0.0:beta7:*:*:*:*:*:* 1 OR
cpe:2.3:a:eclipse:deeplearning4j:1.0.0:milestone1:*:*:*:*:*:* 1 OR
cpe:2.3:a:eclipse:deeplearning4j:1.0.0:milestone1.1:*:*:*:*:*:* 1 OR
cpe:2.3:a:eclipse:deeplearning4j:1.0.0:milestone2:*:*:*:*:*:* 1 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 5.3
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 3.9
  • Impact Score
  • 1.4
References
Reference URL Reference Tags
https://github.com/eclipse/deeplearning4j/security/advisories/GHSA-rc39-g977-687w
https://github.com/mmihaltz/word2vec-GoogleNews-vectors
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-36022
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36022
History
Created Old Value New Value Data Type Notes
2022-11-10 19:00:10 Added to TrackCVE
2022-12-07 17:36:53 2022-11-10T18:15Z 2022-11-10T18:15:10 CVE Published Date updated
2022-12-07 17:36:53 2022-11-15T20:27:44 CVE Modified Date updated
2022-12-07 17:36:53 Analyzed Vulnerability Status updated
2022-12-07 17:36:55 CPE Information updated