High Severity

djl

TarSlip Vulnerability

A TarSlip vulnerability in the Deep Java Library (DJL) version 0.26.0: when extracting a TAR archive, entry names are not checked against the extraction directory, so a crafted archive containing entries with path traversal sequences (for example `../` components) can write files outside the intended directory, allowing arbitrary file overwrites on the host that extracts it. Exploitation requires a user to extract an attacker-supplied archive (CVSS UI:R, AV:L). This issue was patched in version 0.27.0.

Available publicly on May 16 2024

CVSS: 7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Credit:

0xanis
Remediation Steps
  • Upgrade to Deep Java Library version 0.27.0 or later.
  • Validate and sanitize file paths within TAR archives before extraction to prevent directory traversal.
  • Implement secure file handling practices to limit the impact of potential directory traversal attacks.
  • Regularly audit and update dependencies to ensure vulnerabilities are promptly addressed.
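The entry-name check that the remediation steps describe, as an added example that is not DJL's own code and not the code from the patch commit. It assumes Apache Commons Compress on the classpath (the `org.apache.commons.compress.archivers.tar` classes); the class and method names `SafeUntar`, `resolveInside`, `untar` and `sampleArchive` are chosen here, and the in-memory archive with one benign and one traversal entry is constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;

/** Illustrative TarSlip-safe extractor (added example, not DJL code). */
public final class SafeUntar {

    private SafeUntar() {}

    /**
     * Resolves an archive entry name under targetDir and rejects it if the
     * normalized result escapes that directory. Path.startsWith compares whole
     * path components, so "/tmp/models" does not match "/tmp/models-evil" the
     * way a String prefix check would.
     */
    static Path resolveInside(Path targetDir, String entryName) throws IOException {
        Path base = targetDir.toAbsolutePath().normalize();
        // resolve() with an absolute entryName returns entryName itself, so an
        // absolute name such as "/etc/passwd" also fails the startsWith check.
        Path candidate = base.resolve(entryName).normalize();
        if (!candidate.startsWith(base)) {
            throw new IOException("TarSlip: entry escapes target dir: " + entryName);
        }
        return candidate;
    }

    /** Extracts an uncompressed TAR stream into targetDir, failing closed on unsafe entries. */
    public static void untar(InputStream in, Path targetDir) throws IOException {
        Path base = targetDir.toAbsolutePath().normalize();
        Files.createDirectories(base);
        try (TarArchiveInputStream tar = new TarArchiveInputStream(in)) {
            TarArchiveEntry entry;
            while ((entry = tar.getNextTarEntry()) != null) {
                if (entry.isSymbolicLink() || entry.isLink()) {
                    // Policy choice: a link whose target lies outside base would let a
                    // later entry write through it, so link entries are refused outright.
                    throw new IOException("TarSlip: link entries not allowed: " + entry.getName());
                }
                // The check runs before any bytes of the entry touch the filesystem.
                Path dest = resolveInside(base, entry.getName());
                if (entry.isDirectory()) {
                    Files.createDirectories(dest);
                } else {
                    Files.createDirectories(dest.getParent());
                    // The stream yields only the current entry's bytes, so copy stops at entry end.
                    Files.copy(tar, dest, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
    }

    /** Constructed sample: an in-memory archive with one benign and one traversal entry. */
    static byte[] sampleArchive() throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (TarArchiveOutputStream out = new TarArchiveOutputStream(bytes)) {
            for (String name : new String[] {"model/weights.bin", "../../outside.txt"}) {
                byte[] data = ("content of " + name).getBytes(StandardCharsets.UTF_8);
                TarArchiveEntry e = new TarArchiveEntry(name);
                e.setSize(data.length);
                out.putArchiveEntry(e);
                out.write(data);
                out.closeArchiveEntry();
            }
        }
        return bytes.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("djl-untar-demo");
        try {
            untar(new ByteArrayInputStream(sampleArchive()), dir);
            System.out.println("extracted without error (unexpected)");
        } catch (IOException e) {
            // Expected: the first entry is written, the second is refused.
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("weights present: " + Files.exists(dir.resolve("model/weights.bin")));
        System.out.println("escaped file present: "
                + Files.exists(dir.resolve("../../outside.txt").normalize()));
    }
}
```

For a `.tar.gz` model archive, wrap the input in Commons Compress's `GzipCompressorInputStream` before handing it to `untar`. The two details that matter for the check are that it runs on the normalized absolute path before anything is written, and that it uses `Path.startsWith` (component-wise) rather than `String.startsWith`, which a sibling directory with the target's name as a prefix would defeat.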
Patch Details
  • Fixed Version: 0.27.0
  • Patch Commit: https://github.com/deepjavalibrary/djl/commit/5235be508cec9e8cb6f496a4ed2fa40e4f62c370