Fedora 37 : python-joblib (2022-c83ce1c000)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-c83ce1c000 advisory. Security fix for CVE-2022-21797 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
GLSA-202401-01 : Joblib: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202401-01 Joblib: Arbitrary Code Execution - The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement. CVE-2022-21797 Note that Ness...
FreeBSD : py39-joblib -- arbitrary code execution (845f8430-d0ee-4134-ae35-480a3e139b8a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 845f8430-d0ee-4134-ae35-480a3e139b8a advisory. - The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the...
[SECURITY] [DLA 3193-2] joblib security update
Debian LTS Advisory DLA-3193-2 [email protected] https://www.debian.org/lts/security/ Helmut Grohne March 30, 2023 https://wiki.debian.org/LTS Package : joblib Version : 0.13.0-2+deb10u2 CVE ID : CVE-2022-21797 Debian Bug : 1020820 It was discovered that joblib did not completely saniti...
SUSE CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
openSUSE 15 Security Update : python-joblib (openSUSE-SU-2022:10214-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:10214-1 advisory. - The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval...
OPENSUSE-SU-2022:10214-1 Security update for python-joblib
This update for python-joblib fixes the following issues: - CVE-2022-21797: Fixed arbitrary code execution in joblib (boo#1204232)...
Security update for python-joblib (important)
openSUSE Security Update: Security update for python-joblib Announcement ID: openSUSE-SU-2022:10214-1 Rating: important References: 1204232 Cross-References: CVE-2022-21797 CVSS scores: CVE-2022-21797 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that enable the assisted mapping capability may be vulnerable to arbitrary code injection due to CVE-2022-21797
Summary Python module Joblib used by IBM App Connect Enterprise Certified Container for mapping assistance in flow development. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that enable mapping assistance may be vulnerable to arbitrary code injection. This bulletin...
Updated python-joblib packages fix security vulnerability
Arbitrary Code Execution in joblib CVE-2022-21797...
OESA-2022-1990 python-joblib security update
Joblib is a set of tools to provide lightweight pipelining in Python. Security Fixes: The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement. CVE-2022-21797...
a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.5.0) +371 more potentially affected by CVE-2022-21797 via joblib (>=0.9.4 <=1.1.1)
joblib PYPI version =0.9.4, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.1, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: OSV:GHSA-6HRG-QMVC-2XH8...
a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.5.0) +371 more potentially affected by CVE-2022-21797 via joblib (>=0.9.4 <=1.1.1)
joblib PYPI version =0.9.4, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.1, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: OSV:PYSEC-2022-288...
CVE-2022-21797
CVE-2022-21797 affects joblib: versions 0 up to 1.1.x are vulnerable to arbitrary code execution via the pre_dispatch flag in Parallel(), caused by an eval() statement. Severity is high/critical per sources; impact is arbitrary code execution. Remediation: upgrade to joblib 1.2.0 or later (e.g., ...
CVE-2022-21797 Arbitrary Code Execution
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
CVE-2022-21797 Arbitrary Code Execution
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...