CVE-2025-0851 Information

Description

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.

Reference

https://aws.amazon.com/security/security-bulletins/AWS-2025-003/ https://github.com/deepjavalibrary/djl/security/advisories/GHSA-jcrp-x7w3-ffmg