CVE-2022-36022

Name: CVE-2022-36022
Creator: NVD / NIST
Published: 2022-11-10T18:15:10.577+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 0.39%

Last modified Jun 17, 2026

CVE-2022-36022 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. EPSS estimates a 0.39% chance of exploitation in the next 30 days.

Description

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.39%

30.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Eclipse	Deeplearning4j	< 1.0.0	—
Eclipse	Deeplearning4j	1.0.0	Beta5

References

https://github.com/eclipse/deeplearning4j/security/advisories/GHSA-rc39-g977-687wThird Party Advisory
https://github.com/mmihaltz/word2vec-GoogleNews-vectorsThird Party Advisory
https://github.com/eclipse/deeplearning4j/security/advisories/GHSA-rc39-g977-687wThird Party Advisory
https://github.com/mmihaltz/word2vec-GoogleNews-vectorsThird Party Advisory

Timeline

Published: Nov 10, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-36022?

How severe is CVE-2022-36022?

CVE-2022-36022 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.39% probability of exploitation in the next 30 days.

How do I fix CVE-2022-36022?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-36022?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST