6 matches found
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
Security Bulletin: WML CE Scikit-learn vulnerable to irresponsible usage
Summary WML containers include scikit-learn. Scikit-learn includes joblib and pickle to cache and load models. Pickle and joblib by extension, has some issues regarding maintainability and security. Because of this, usage of the joblib.load function in scikit-learn must be done in a responsible...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
CVE-2020-13092
CVE-2020-13092 affects scikit-learn (sklearn) up to version 0.23.0. The issue arises when untrusted data is deserialized via joblib.load() and the underlying reduce path triggers an os.system call, allowing command execution. Multiple connected sources (including NVD/OSV entries and related advis...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...