CVE-2025-0851

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-0851

Severity

Unknown

Description

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.

References

https://images.chainguard.dev/security/CGA-7vm7-67m5-2c92
https://github.com/advisories/GHSA-jcrp-x7w3-ffmg
https://images.chainguard.dev/security/CGA-wr35-h5w9-vqmm
https://github.com/deepjavalibrary/djl/security/advisories/GHSA-jcrp-x7w3-ffmg
https://aws.amazon.com/security/security-bulletins/AWS-2025-003/
https://github.com/deepjavalibrary/djl/releases/tag/v0.31.1

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal