This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Path Traversal in Deep Java Library (DJL) allows writing files to arbitrary locations. **Consequences**: Full system compromise, data corruption, or RCE via malicious model archives.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: CWE-36 (Path Traversal). **Flaw**: `ZipUtils.unzip` and `TarUtils.untar` fail to sanitize filenames, allowing `../` sequences to escape the target directory.
**Attacker Actions**: Write arbitrary files to the file system (e.g., `C:\Windows\System32\`). **Impact**: High Confidentiality, Integrity, and Availability loss. Potential for Remote Code Execution (RCE).
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: LOW. **Auth**: None required (PR:N). **Vector**: Network (AV:N). **UI**: None required (UI:N). Simply loading a malicious model triggers it.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exploit**: YES. **PoC**: Available on GitHub (skrkcb2/CVE-2025-0851). **Proof**: Successfully created files in `System32` using crafted JAR/TAR files.
**Fixed**: YES. **Patch**: Released in **v0.31.1**. **Source**: GitHub releases and AWS Security Bulletin AWS-2025-003.
Q9 What if no patch? (Workaround)
**Workaround**: If unpatched, **disable automatic model extraction** from untrusted sources. **Mitigation**: Validate archive contents manually before loading.…
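One way to carry out the manual archive validation mentioned above is a pre-flight check that lists every ZIP/JAR or TAR entry whose name would resolve outside the extraction directory. This is an added example, not DJL's code or its patch; the function names and the sample archives are constructed for illustration.

```python
import io, ntpath, os, posixpath, tarfile, tempfile, zipfile

def entry_escapes(name):
    """True if an archive entry name would resolve outside the extraction root."""
    unified = name.replace("\\", "/")  # treat Windows separators as separators
    if unified.startswith("/") or ntpath.splitdrive(name)[0]:
        return True  # absolute path, drive letter or UNC prefix
    # Resolve against a fixed root and require the result to stay beneath it.
    resolved = posixpath.normpath(posixpath.join("/root", unified))
    return not (resolved == "/root" or resolved.startswith("/root/"))

def unsafe_entries(path):
    """Return the entry names in a ZIP/JAR or TAR file that fail the check."""
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            names = zf.namelist()  # raw names, exactly as stored in the archive
    elif tarfile.is_tarfile(path):
        with tarfile.open(path) as tf:
            names = [member.name for member in tf.getmembers()]
    else:
        raise ValueError("not a ZIP or TAR archive: " + path)
    return [n for n in names if entry_escapes(n)]

def make_constructed_samples(directory):
    """Build one ZIP and one TAR holding constructed entry names for the demo."""
    names = ["model/params.bin", "../../outside.txt",
             "C:\\Windows\\System32\\x.txt", "model/../ok.txt"]
    zip_path = os.path.join(directory, "sample.zip")
    with zipfile.ZipFile(zip_path, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed")
    tar_path = os.path.join(directory, "sample.tar")
    with tarfile.open(tar_path, "w") as tf:
        for n in names:
            info = tarfile.TarInfo(n)
            info.size = len(b"constructed")
            tf.addfile(info, io.BytesIO(b"constructed"))
    return zip_path, tar_path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for archive in make_constructed_samples(d):
            print(os.path.basename(archive), unsafe_entries(archive))
```

An archive for which `unsafe_entries` returns a non-empty list should be rejected rather than loaded. The check covers entry names only, which is the flaw described above.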