VYPR

Maven package

ai.djl/api

pkg:maven/ai.djl/api

Vulnerabilities (2)

  • CVE-2025-0851CriJan 29, 2025
    affected < 0.31.1fixed 0.31.1

    A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.

  • CVE-2024-37902CriJun 17, 2024
    affected >= 0.1.0, < 0.28.0fixed 0.28.0

    DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched