94 matches found
Updated python-joblib packages fix security vulnerability
Arbitrary Code Execution in joblib CVE-2022-21797...
OESA-2022-1990 python-joblib security update
Joblib is a set of tools to provide lightweight pipelining in Python. Security Fixes: The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement.CVE-2022-21797...
Fedora: Security Advisory for python-joblib (FEDORA-2022-c0bfe37ae5)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: python-joblib-1.2.0-1.fc36
Joblib is a set of tools to provide lightweight pipelining in Python. In particular, joblib offers: transparent disk-caching of the output values and lazy re-evaluation memorize pattern easy simple parallel computing logging and tracing of the execution...
Arbitrary Code Execution
joblib is vulnerable to arbitrary code execution. The vulnerability exists in batchedcallsreducercallback function of parallel.py via the predispatched flag in Parallel class due to the eval statement. When the attacker enters a statement in the flag predispatch it will run whatever the attacker...
a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.5.0) +371 more potentially affected by CVE-2022-21797 via joblib (>=0.9.4 <=1.1.1)
joblib PYPI version =0.9.4, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.1, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: OSV:GHSA-6HRG-QMVC-2XH8...
GHSA-6HRG-QMVC-2XH8 joblib vulnerable to arbitrary code execution
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
joblib vulnerable to arbitrary code execution
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
DEBIAN-CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
PYSEC-2022-288
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
Code injection
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.5.0) +371 more potentially affected by CVE-2022-21797 via joblib (>=0.9.4 <=1.1.1)
joblib PYPI version =0.9.4, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.1, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: OSV:PYSEC-2022-288...
PYSEC-2022-288
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
UBUNTU-CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
CVE-2022-21797 Arbitrary Code Execution
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
CVE-2022-21797 Arbitrary Code Execution
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
CVE-2022-21797 Arbitrary Code Execution
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
CVE-2022-21797
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
CVE-2022-21797
CVE-2022-21797 affects joblib: versions 0 up to 1.1.x are vulnerable to arbitrary code execution via the pre_dispatch flag in Parallel(), caused by an eval() statement. Severity is high/critical per sources; impact is arbitrary code execution. Remediation: upgrade to joblib 1.2.0 or later (e.g., ...