CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

py39-joblib -- arbitrary code execution

jimlinntu reports: The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

joblib 安全漏洞

joblib is joblib open source set of tools to provide lightweight pipelining in Python. Joblib package versions prior to 1.2.0 has a security vulnerability , the vulnerability stems from its Parallel class in the predispatch flag allows an attacker to achieve arbitrary code execution through eval...

CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.0.0.dev0) +332 more potentially affected by CVE-2022-21797 via joblib (>=1.0.0 <=1.1.0a0)

joblib PYPI version =1.0.0, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: SNYK:PYTHON-JOBLIB-3027033...

Arbitrary Code Execution

Overview joblib is a Lightweight pipelining with Python functions Affected versions of this package are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement. PoC py def f: return 1 p = Parallelnjobs=3, predispatch="sys.exit0" pdelayedf for i ...

GHSA-JJW5-XXJ6-PCV5 scikit-learn Deserialization of Untrusted Data

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

Security Bulletin: WML CE Scikit-learn vulnerable to irresponsible usage

Summary WML containers include scikit-learn. Scikit-learn includes joblib and pickle to cache and load models. Pickle and joblib by extension, has some issues regarding maintainability and security. Because of this, usage of the joblib.load function in scikit-learn must be done in a responsible...

DEBIAN-CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

PYSEC-2020-107

DISPUTED scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the...

UBUNTU-CVE-2020-13092

DISPUTED scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the...

PYSEC-2020-107

DISPUTED scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the...

CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...