94 matches found
Fedora 37 : python-joblib (2022-c83ce1c000)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-c83ce1c000 advisory. Security fix for CVE-2022-21797 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997
Summary Security Bulletin: IBM Watsonx Orchestrate for IBM Cloud Pak for Data affected by a vulnerability in joblib-1.2.0-py3-none-any.whl CVE-2024-34997 Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a local authenticated attacker to execute arbitrary code on the...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to joblib arbitrary code execution vulnerability [ CVE-2024-34997]
Summary Potential joblib arbitrary code execution vulnerability CVE-2024-34997 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34997...
Security Bulletin: IBM Maximo Application Suite Predict Component includes joblib-1.4.0-py3-none-any.whl which is vulnerable to this CVE-2024-34997
Summary IBM Maximo Application Suite Predict Component includes joblib-1.4.0-py3-none-any.whl which is vulnerable to this CVE-2024-34997. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a...
Deserialization Of Untrusted Data
joblib is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of pickle files in the readarray function within numpypickle.py where pickle.load is enabled by default. This allows an attacker to execute arbitrary code by loading a maliciously crafted pickle...
SUSE CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
CVE-2024-34997
A flaw was found in python-joblib. A deserialization vulnerability via the joblib.numpypickle::NumpyArrayWrapper.readarray component uses the insecure pickle python library when used with untrusted inputs...
PYSEC-2024-277
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
DEBIAN-CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
PYSEC-2024-277
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
UBUNTU-CVE-2024-34997
DISPUTED joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
joblib 安全漏洞
joblib is a set of tools open-sourced by joblib to provide lightweight pipelining in Python. A security vulnerability exists in joblib v1.4.2, which stems from the presence of a deserialization vulnerability...
CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...
CVE-2024-34997
CVE-2024-34997 affects joblib v1.4.2, with a deserialization vulnerability in the joblib.numpy_pickle::NumpyArrayWrapper().read_array(). The supplier disputes the issue, noting NumpyArrayWrapper is used only for caching trusted content. Affected/linked advisories cite an unsafe pickle-based deser...
PT-2024-26286
Name of the Vulnerable Software and Affected Versions joblib version 1.4.2 Description A deserialization issue was found in the joblib.numpy pickle::NumpyArrayWrapper.read array component. This issue is disputed by the supplier, who claims that NumpyArrayWrapper is only used during caching of...
CVE-2024-34997
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpypickle::NumpyArrayWrapper.readarray. NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content...