High

djl

TarSlip Vulnerability

A TarSlip vulnerability in the Deep Java Library (DJL) version 0.26.0 allows attackers to perform directory traversal attacks by manipulating file paths within TAR archives, potentially leading to arbitrary file overwrites. This issue was patched in version 0.27.0.

Available publicly on May 16 2024

7.8

CVSS:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Credit:

0xanis
Threat Overview

The TarSlip vulnerability in DJL arises from improper validation of file paths when extracting TAR archives. By crafting a TAR file with manipulated paths, attackers can force the extraction process to write files outside the intended directory. This could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service by overwriting critical system files or executables.

Attack Scenario

An attacker creates a malicious TAR file containing a script or executable with a manipulated path that leads outside the intended extraction directory. When this TAR file is processed by DJL's extraction function, the malicious file is placed in a directory chosen by the attacker, such as one containing executable files or system configuration files. This could allow the attacker to execute arbitrary code or disrupt system operations.

Who is affected

Any system or application that uses the Deep Java Library version 0.26.0 for processing TAR files is vulnerable to this attack. This includes servers, development environments, and any other systems where DJL is used to handle file extraction from TAR archives.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.