Cyber Resilience

CVE-2022-36022

Medium

Published: 10 November 2022

Published
10 November 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score 0.0036 58.3th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-36022 is a medium-severity Use of Invariant Value in Dynamically Changing Context (CWE-344) vulnerability in Eclipse Deeplearning4J. Its CVSS base score is 5.3 (Medium).

Operationally, ranked in the top 41.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other AI Platforms.

EU & UK References

Vulnerability details

Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearning4j:dl4j-examples and org.deeplearning4j:platform-tests through version 1.0.0-M2.1 may use some unclaimed S3 buckets in tests in examples. This is likely affect people who use…

more

some older NLP examples that reference an old S3 bucket. The problem has been patched. Users should upgrade to snapshots as Deeplearning4J plan to publish a release with the fix at a later date. As a workaround, download a word2vec google news vector from a new source using git lfs from here.

CWE(s)

AI Security AnalysisAI

AI Category
Other AI Platforms
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: deep learning

Related Threats

Affected Assets

eclipse
deeplearning4j
1.0.0 · ≤ 1.0.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-330

Key generation under controlled management uses approved random-bit sources rather than insufficiently random values.

References