DeepJavaLibrary (DJL) Security Update Advisory
Overview
An update has been released to address vulnerabilities in the DeepJavaLibrary (DJL). Users of the affected versions are advised to update to the latest version.
Affected Products
DeepJavaLibrary (DJL) versions: 0.1.0 through 0.27.0 (both inclusive)
Resolved Vulnerabilities
DeepJavaLibrary (DJL) does not prevent archive entries with absolute paths from being written directly to the system, where they can overwrite system files (CVE-2024-37902)
Vulnerability Patches
Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the patched version.
DeepJavaLibrary (DJL) version: 0.28.0
Referenced Sites
[1] CVE-2024-37902 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-37902
[2] DJL v0.28.0 Release
https://github.com/deepjavalibrary/djl/releases/tag/v0.28.0
[3] Issue with DeepJavaLibrary
https://github.com/deepjavalibrary/djl/security/advisories/GHSA-w877-jfw7-46rj