TarSlip Vulnerability
A TarSlip vulnerability in the Deep Java Library (DJL) version 0.26.0 allows attackers to perform directory traversal attacks by manipulating file paths within TAR archives, potentially leading to arbitrary file overwrites. This issue was patched in version 0.27.0.
Available publicly on May 16 2024 | Available with Premium on Apr 01 2024
Remediation Steps
- Upgrade to Deep Java Library version 0.27.0 or later.
- Validate and sanitize file paths within TAR archives before extraction to prevent directory traversal.
- Implement secure file handling practices to limit the impact of potential directory traversal attacks.
- Regularly audit and update dependencies to ensure vulnerabilities are promptly addressed.
Patch Details
- Fixed Version: 0.27.0
- Patch Commit: https://github.com/deepjavalibrary/djl/commit/5235be508cec9e8cb6f496a4ed2fa40e4f62c370
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.