Lucene search
+L

94 matches found

mageia
mageia
added 2022/10/18 11:14 p.m.42 views

Updated python-joblib packages fix security vulnerability

Arbitrary Code Execution in joblib CVE-2022-21797...

9.8CVSS3.2AI score0.01975EPSS
Exploits1References2
osv
osv
added 2022/10/14 11:4 a.m.6 views

OESA-2022-1990 python-joblib security update

Joblib is a set of tools to provide lightweight pipelining in Python. Security Fixes: The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement.CVE-2022-21797...

9.8CVSS7.3AI score0.01975EPSS
Exploits1References2
openvas
openvas
added 2022/10/10 12:0 a.m.13 views

Fedora: Security Advisory for python-joblib (FEDORA-2022-c0bfe37ae5)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.01975EPSS
Exploits1References2
fedora
fedora
added 2022/10/08 5:34 p.m.28 views

[SECURITY] Fedora 36 Update: python-joblib-1.2.0-1.fc36

Joblib is a set of tools to provide lightweight pipelining in Python. In particular, joblib offers: transparent disk-caching of the output values and lazy re-evaluation memorize pattern easy simple parallel computing logging and tracing of the execution...

9.8CVSS2.6AI score0.01975EPSS
Exploits1
veracode
veracode
added 2022/09/27 7:29 a.m.23 views

Arbitrary Code Execution

joblib is vulnerable to arbitrary code execution. The vulnerability exists in batchedcallsreducercallback function of parallel.py via the predispatched flag in Parallel class due to the eval statement. When the attacker enters a statement in the flag predispatch it will run whatever the attacker...

9.8CVSS9.2AI score0.01975EPSS
Exploits1References11Affected Software2
vulnersosv
vulnersosv
added 2022/09/27 12:0 a.m.4 views

a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.5.0) +371 more potentially affected by CVE-2022-21797 via joblib (>=0.9.4 <=1.1.1)

joblib PYPI version =0.9.4, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.1, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: OSV:GHSA-6HRG-QMVC-2XH8...

9.8CVSS6.7AI score0.01975EPSS
Exploits1
osv
osv
added 2022/09/27 12:0 a.m.167 views

GHSA-6HRG-QMVC-2XH8 joblib vulnerable to arbitrary code execution

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS8.3AI score0.01975EPSS
Exploits1References17
github
github
added 2022/09/27 12:0 a.m.38 views

joblib vulnerable to arbitrary code execution

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS9.1AI score0.01975EPSS
Exploits1References17Affected Software1
osv
osv
added 2022/09/26 5:15 a.m.2 views

DEBIAN-CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS7.3AI score0.01975EPSS
Exploits1References1
nvd
nvd
added 2022/09/26 5:15 a.m.28 views

CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS0.01975EPSS
Exploits1References9
osv
osv
added 2022/09/26 5:15 a.m.58 views

PYSEC-2022-288

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS4.7AI score0.01975EPSS
Exploits1References5
prion
prion
added 2022/09/26 5:15 a.m.25 views

Code injection

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

7.5CVSS9.3AI score0.01975EPSS
Exploits1References9Affected Software3
vulnersosv
vulnersosv
added 2022/09/26 5:15 a.m.6 views

a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.5.0) +371 more potentially affected by CVE-2022-21797 via joblib (>=0.9.4 <=1.1.1)

joblib PYPI version =0.9.4, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.1, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: OSV:PYSEC-2022-288...

9.8CVSS6.7AI score0.01975EPSS
Exploits1
pypa
pypa
added 2022/09/26 5:15 a.m.9 views

PYSEC-2022-288

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS5.5AI score0.01975EPSS
Exploits1References5Affected Software1
osv
osv
added 2022/09/26 5:15 a.m.5 views

UBUNTU-CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS6.7AI score0.01975EPSS
Exploits1References6
osv
osv
added 2022/09/26 5:5 a.m.28 views

CVE-2022-21797 Arbitrary Code Execution

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

7.3CVSS6.8AI score0.01975EPSS
Exploits1References11
vulnrichment
vulnrichment
added 2022/09/26 5:5 a.m.17 views

CVE-2022-21797 Arbitrary Code Execution

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

7.3CVSS7.1AI score0.01975EPSS
Exploits1References9
cvelist
cvelist
added 2022/09/26 5:5 a.m.56 views

CVE-2022-21797 Arbitrary Code Execution

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

7.3CVSS9.7AI score0.01975EPSS
Exploits1References9
debiancve
debiancve
added 2022/09/26 5:5 a.m.44 views

CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

9.8CVSS7.2AI score0.01975EPSS
Exploits1
cve
cve
added 2022/09/26 5:5 a.m.202 views

CVE-2022-21797

CVE-2022-21797 affects joblib: versions 0 up to 1.1.x are vulnerable to arbitrary code execution via the pre_dispatch flag in Parallel(), caused by an eval() statement. Severity is high/critical per sources; impact is arbitrary code execution. Remediation: upgrade to joblib 1.2.0 or later (e.g., ...

9.8CVSS8.4AI score0.01975EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder