8 matches found
scikit-learn Deserialization of Untrusted Data
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
Design/Logic Flaw
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
CVE-2020-13092
CVE-2020-13092 affects scikit-learn (sklearn) up to version 0.23.0. The issue arises when untrusted data is deserialized via joblib.load() and the underlying __reduce__ path triggers an os.system call, allowing command execution. Multiple connected sources (including NVD/OSV entries and related advis...
CVE-2020-13092
scikit-learn aka sklearn through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load function is documented as unsafe and it is the user's...
PT-2020-13329 · Scikit Learn Developers +2 · Scikit-Learn +2
Name of the Vulnerable Software and Affected Versions: scikit-learn aka sklearn versions through 0.23.0 Description: The issue allows unserialization and execution of commands from an untrusted file passed to the joblib.load function, if __reduce__ makes an os.system call. It is noted that third...