Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to joblib-1.1.1-py2.py3-none-any.whl CVE-2024-34997. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated...

7.5CVSS7.2AI score0.00664EPSS
Exploits1Affected Software1
AlpineLinux
AlpineLinux
added 2024/05/17 7:15 p.m.6 views

CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS7.4AI score0.00664EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/05/17 12:0 a.m.34 views

CVE-2024-34997

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...

7.5CVSS6.1AI score0.00664EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/09/27 12:0 a.m.4 views

a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.5.0) +371 more potentially affected by CVE-2022-21797 via joblib (>=0.9.4 <=1.1.1)

joblib PYPI version =0.9.4, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.1, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: OSV:GHSA-6HRG-QMVC-2XH8...

9.8CVSS6.7AI score0.01975EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/09/26 5:0 a.m.6 views

CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS6.8AI score0.01975EPSS
Exploits1References12
vulnersOsv
vulnersOsv
added 2022/09/19 12:4 p.m.7 views

a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.0.0.dev0) +332 more potentially affected by CVE-2022-21797 via joblib (>=1.0.0 <=1.1.0a0)

joblib PYPI version =1.0.0, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: SNYK:PYTHON-JOBLIB-3027033...

9.8CVSS6.7AI score0.01975EPSS
Exploits1
Snyk
Snyk
added 2022/09/19 12:4 p.m.3 views

Arbitrary Code Execution

Overview joblib is a Lightweight pipelining with Python functions Affected versions of this package are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement. PoC py def f: return 1 p = Parallelnjobs=3, predispatch="sys.exit0" pdelayedf for i ...

9.8CVSS5.4AI score0.01975EPSS
Exploits1References3
Rows per page
Query Builder