joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.
[
{
"cpes": [
"cpe:2.3:a:joblib_project:joblib:*:*:*:*:*:python:*:*"
],
"vendor": "joblib_project",
"product": "joblib",
"versions": [
{
"status": "affected",
"version": "1.4.2"
}
],
"defaultStatus": "unknown"
}
]