Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:57 p.m.15 views

CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

9.8CVSS7.2AI score0.02645EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/20 8:1 p.m.23 views

Security Bulletin: WML CE Scikit-learn vulnerable to irresponsible usage

Summary WML containers include scikit-learn. Scikit-learn includes joblib and pickle to cache and load models. Pickle and joblib by extension, has some issues regarding maintainability and security. Because of this, usage of the joblib.load function in scikit-learn must be done in a responsible...

9.8CVSS0.7AI score0.02645EPSS
Exploits1Affected Software1
NVD
NVD
added 2020/05/15 7:15 p.m.59 views

CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

9.8CVSS9.7AI score0.02645EPSS
Exploits1References2
OSV
OSV
added 2020/05/15 7:15 p.m.9 views

CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

9.8CVSS9.5AI score
Exploits0References2
CVE
CVE
added 2020/05/15 6:41 p.m.139 views

CVE-2020-13092

CVE-2020-13092 affects scikit-learn (sklearn) up to version 0.23.0. The issue arises when untrusted data is deserialized via joblib.load() and the underlying reduce path triggers an os.system call, allowing command execution. Multiple connected sources (including NVD/OSV entries and related advis...

9.8CVSS9.5AI score0.02645EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/05/15 6:41 p.m.47 views

CVE-2020-13092

scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...

9.7AI score0.02645EPSS
Exploits1References2
Rows per page
Query Builder