CVE-2024-37902 Overview
CVE-2024-37902 is a critical path traversal vulnerability affecting DeepJavaLibrary (DJL), an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 fail to properly validate archived artifact paths, allowing attackers to use absolute paths within archives to write files directly to arbitrary locations on the system. This type of vulnerability, commonly known as a "Zip Slip" attack, can lead to overwriting critical system files and potentially achieving remote code execution.
Critical Impact
Attackers can leverage malicious archives to overwrite system files, potentially leading to complete system compromise through arbitrary file write capabilities with no authentication required.
Affected Products
- DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0
- DJL Large Model Inference containers prior to patched version 0.27.0
Discovery Timeline
- 2024-06-17 - CVE-2024-37902 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2024-37902
Vulnerability Analysis
This vulnerability stems from improper input validation when processing archived artifacts (CWE-22: Improper Limitation of a Pathname to a Restricted Directory). When DJL extracts files from archives such as model files or dependencies, it fails to sanitize file paths contained within the archive. An attacker can craft a malicious archive containing entries with absolute paths or path traversal sequences (e.g., ../../../etc/passwd), which the library will extract without proper validation.
The attack can be executed remotely over the network without requiring any authentication or user interaction. Due to the nature of deep learning frameworks frequently downloading and extracting model archives from remote sources, this vulnerability poses a significant risk in machine learning pipelines and production environments where DJL is deployed.
Root Cause
The root cause lies in DJL's archive extraction logic, which does not validate that extracted file paths remain within the intended destination directory. When processing archive entries, the library directly uses the path specified in the archive without checking for path traversal sequences or absolute paths. This allows attackers to escape the intended extraction directory and write files to arbitrary locations on the filesystem.
Attack Vector
The attack is network-based and can be triggered when a DJL application processes a maliciously crafted archive. Attack scenarios include:
- Supply Chain Attack: An attacker compromises a model repository or CDN serving DJL artifacts, replacing legitimate archives with malicious ones
- Man-in-the-Middle: Intercepting model downloads and injecting malicious archive content
- User-Supplied Input: Applications that allow users to upload or specify model archives could be exploited directly
The vulnerability allows writing files with the permissions of the running process. If the DJL application runs with elevated privileges, attackers could overwrite critical system files such as /etc/passwd, SSH authorized keys, or application configuration files to achieve persistent access or remote code execution.
Detection Methods for CVE-2024-37902
Indicators of Compromise
- Unexpected file modifications in system directories outside of the DJL installation path
- Archive extraction operations writing to paths containing .. sequences or absolute paths
- Modified system configuration files or unauthorized SSH keys appearing after DJL operations
- Suspicious model downloads from untrusted or unexpected sources
Detection Strategies
- Monitor file system activity during DJL archive extraction operations for writes outside expected directories
- Implement application-level logging to track all archive extraction destinations
- Use file integrity monitoring (FIM) on critical system files and directories
- Deploy SentinelOne's behavioral AI to detect anomalous file write patterns from Java processes
Monitoring Recommendations
- Enable verbose logging in DJL applications to capture archive extraction paths
- Configure alerts for file writes to sensitive system directories from Java applications
- Monitor network traffic for downloads of model archives from untrusted sources
- Implement checksum verification for all downloaded model artifacts
How to Mitigate CVE-2024-37902
Immediate Actions Required
- Upgrade DJL to version 0.28.0 or later immediately
- For DJL Large Model Inference containers, ensure you are using the patched version 0.27.0
- Audit all deployed applications using DJL and identify vulnerable versions
- Review file system permissions to limit the impact of potential exploitation
Patch Information
The vulnerability has been fixed in DJL version 0.28.0. Users should upgrade to this version or later to remediate the vulnerability. For detailed release information, see the GitHub Release v0.28.0. Additional security details are available in the GitHub Security Advisory GHSA-w877-jfw7-46rj.
Workarounds
- Run DJL applications with minimal file system permissions using principle of least privilege
- Implement network-level controls to restrict model downloads to trusted repositories only
- Use containerization with read-only root filesystems where possible to limit file write capabilities
- Validate archive contents before extraction using external tools that check for path traversal sequences
# Verify DJL version in Maven project
mvn dependency:tree | grep djl
# Update DJL dependency in pom.xml to safe version
# Change version from vulnerable (0.1.0-0.27.0) to 0.28.0 or later
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
