CVE-2024-34997

2024-05-1700:00:00

ubuntu.com

cve-2024-34997

joblib

deserialization vulnerability

numpyarraywrapper

unix

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

joblib v1.4.2 was discovered to contain a deserialization vulnerability via
the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchjoblib< anyUNKNOWN
ubuntu20.04noarchjoblib< anyUNKNOWN
ubuntu22.04noarchjoblib< anyUNKNOWN
ubuntu23.10noarchjoblib< anyUNKNOWN
ubuntu24.04noarchjoblib< anyUNKNOWN
ubuntu14.04noarchjoblib< anyUNKNOWN
ubuntu16.04noarchjoblib< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	joblib	< any	UNKNOWN
ubuntu	20.04	noarch	joblib	< any	UNKNOWN
ubuntu	22.04	noarch	joblib	< any	UNKNOWN
ubuntu	23.10	noarch	joblib	< any	UNKNOWN
ubuntu	24.04	noarch	joblib	< any	UNKNOWN
ubuntu	14.04	noarch	joblib	< any	UNKNOWN
ubuntu	16.04	noarch	joblib	< any	UNKNOWN