CVE-2024-37902 is a critical path traversal vulnerability affecting DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0. DJL does not reject absolute paths in the entries of archived model artifacts, so a crafted archive can write files anywhere the process has permission, including over system files. Affected users should upgrade to DJL 0.28.0 or use the patched 0.27.0 build shipped in the AWS DJL Large Model Inference containers.
The root cause is in DJL's handling of archived artifacts. When it unpacks a model archive, the library uses each entry's name as the output path without checking that the resulting path stays inside the extraction directory. An entry named with an absolute path therefore lands at that absolute location instead of under the target directory. An attacker who can get an application to load a malicious artifact (for example, a model fetched from an attacker-controlled URL or repository) can use this to overwrite files the DJL process can write to. The impact depends on the privileges of that process: with a root-level service it ranges from denial of service to full host compromise (planting cron jobs, startup scripts, or replacing binaries), enabling malware installation, data exfiltration, or complete takeover. Because the writes are not confined to the application's own directories, the blast radius extends to other applications and services on the same host.
This vulnerability has drawn attention because of its critical severity and the breadth of DJL deployments. No public exploits have been widely reported, but crafting a malicious archive requires no special tooling, and the result is a write primitive at the privilege level of the DJL process, so it should be treated as a high priority. The vulnerability was disclosed on 2024-06-17. It is not currently listed in the CISA KEV catalog. The absence of a public proof of concept does not reduce the risk, since the attack is straightforward to reproduce.
Organizations running DJL in production, particularly those that load models from external sources or deploy inference in containers, are at significant risk. Multi-tenant hosts are also exposed: a compromised DJL instance can overwrite files belonging to other tenants on the same machine. Legacy deployments pinned to older DJL versions are especially susceptible because they will not pick up the fix automatically.
• linux / server: Monitor system logs (e.g., /var/log/syslog, /var/log/auth.log) for unexpected file creation or modification, particularly in system directories such as /etc, /usr/bin, and /etc/cron.d; an auditd watch on those directories gives a more reliable signal than syslog alone. Use lsof or fuser to identify which processes have sensitive files open, for example:
  lsof /etc/passwd
• java: Examine application logs for errors raised during artifact extraction or path validation. Trace file system access of the DJL process (for example with a Java profiler or with strace on the JVM) and flag writes outside the model cache directory.
• generic web: If DJL is integrated into a web application, monitor web server access logs for requests that supply model URLs or archive names containing absolute paths or ".." segments.
• windows / supply-chain: Check scheduled tasks for suspicious entries related to DJL or its components, and use Autoruns to identify unusual startup programs or services associated with DJL. For example:
  Get-ScheduledTask | Where-Object {$_.TaskName -like '*djl*'}
EPSS: 0.29% (52nd percentile)
The primary mitigation is to upgrade to DJL 0.28.0, which rejects archive entries that resolve outside the extraction directory. If upgrading is not immediately feasible, use the patched 0.27.0 build provided by AWS in the DJL Large Model Inference containers. As a temporary workaround, load model artifacts only from trusted, pinned sources, run the DJL process as an unprivileged user with write access limited to its model cache, and use a read-only root filesystem where the deployment allows it, so that an absolute-path entry has nowhere useful to land. Monitor system logs for unexpected file creation or modification in sensitive directories. After upgrading, confirm the fix by extracting an archive that contains an entry with an absolute path and verifying that extraction fails with an error rather than writing the file.
Update DeepJavaLibrary to version 0.28.0 or later. If you cannot update immediately, consider applying the patched 0.27.0 version available in the DJL Large Model Inference container. This avoids the path traversal vulnerability that allows system files to be overwritten.
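The following is an added example, not DJL's own code, that illustrates the mechanism described above and the post-upgrade check. It builds a zip archive in memory whose entries carry an absolute path and a ".." segment (constructed test data; the entry names are illustrative), shows where a naive extractor that trusts entry names would write them, and contrasts that with an extractor that rejects any entry whose normalized target leaves the destination directory. Only the Java standard library is used; the class and method names are this example's own.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

/**
 * Added example (not DJL code): absolute-path and ".." entries in a model
 * archive escape the extraction directory when entry names are trusted.
 */
public class ArchivePathTraversalDemo {

    /** Builds an in-memory zip with the given entry names (constructed test data). */
    static byte[] zipWithEntries(String... names) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            for (String name : names) {
                zos.putNextEntry(new ZipEntry(name));
                zos.write("payload".getBytes(StandardCharsets.UTF_8));
                zos.closeEntry();
            }
        }
        return bos.toByteArray();
    }

    /**
     * Vulnerable pattern: the entry name is used as-is. Path.resolve(absolute)
     * returns the absolute argument unchanged, and ".." walks out of dest once
     * normalized. Only computes the target paths; nothing is written.
     */
    static List<Path> unsafeTargets(byte[] zip, Path dest) throws IOException {
        List<Path> out = new ArrayList<>();
        try (ZipInputStream zis = new ZipInputStream(new ByteArrayInputStream(zip))) {
            for (ZipEntry e; (e = zis.getNextEntry()) != null; ) {
                out.add(dest.resolve(e.getName()).normalize()); // no validation
            }
        }
        return out;
    }

    /** Hardened extraction: reject absolute entries and anything that resolves outside dest. */
    static void safeUnzip(InputStream in, Path dest) throws IOException {
        Path root = dest.toAbsolutePath().normalize();
        try (ZipInputStream zis = new ZipInputStream(in)) {
            for (ZipEntry e; (e = zis.getNextEntry()) != null; ) {
                String name = e.getName();
                if (Paths.get(name).isAbsolute()) {
                    throw new IOException("Rejected absolute archive entry: " + name);
                }
                Path target = root.resolve(name).normalize();
                if (!target.startsWith(root)) {
                    throw new IOException("Rejected archive entry outside destination: " + name);
                }
                if (e.isDirectory()) {
                    Files.createDirectories(target);
                } else {
                    Files.createDirectories(target.getParent());
                    Files.copy(zis, target); // reads only the current entry
                }
            }
        }
    }

    public static void main(String[] args) throws IOException {
        Path dest = Files.createTempDirectory("djl-demo");
        byte[] malicious = zipWithEntries("/etc/cron.d/evil", "../../escape.txt", "model/ok.bin");

        for (Path p : unsafeTargets(malicious, dest)) {
            System.out.println("naive extractor would write: " + p);
        }
        try {
            safeUnzip(new ByteArrayInputStream(malicious), dest);
        } catch (IOException ex) {
            System.out.println("hardened extractor: " + ex.getMessage());
        }
        safeUnzip(new ByteArrayInputStream(zipWithEntries("model/ok.bin")), dest);
        System.out.println("benign archive extracted under " + dest);
    }
}
```

On a Unix host the naive extractor resolves the first entry to /etc/cron.d/evil and the second to a path two levels above the temp directory, which is exactly the write primitive the advisory describes; the hardened extractor stops at the first bad entry before anything is written. The same containment check (normalize, then require the target to start with the destination root) is the property to verify against the fixed DJL version, by feeding it such an archive and confirming it throws instead of writing.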
CVE-2024-37902 is a critical path traversal vulnerability in ai.djl:api versions 0.1.0 through 0.27.0 that lets a malicious model archive overwrite system files.
You are affected if you use ai.djl:api versions 0.1.0 through 0.27.0. Upgrade to 0.28.0 or use the patched 0.27.0 build in the AWS DJL Large Model Inference containers.
Upgrade to ai.djl:api version 0.28.0, or use the patched 0.27.0 build released by AWS in its Deep Learning Containers.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation make it a high-priority concern.
Refer to the AWS Deep Learning Containers release notes for patched containers: https://github.com/aws/deep-learning-containers/releases