Headline
GHSA-6hrg-qmvc-2xh8: joblib vulnerable to arbitrary code execution
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.
Critical severity GitHub Reviewed Published Sep 27, 2022 • Updated Sep 30, 2022
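The following is an added example, not code from joblib or from the advisory. It shows one way to resolve a pre_dispatch-style expression such as "2 * n_jobs" without eval(): parse it and walk an allowlist of arithmetic AST nodes. The names safe_pre_dispatch and max_len, and the use of None for "all", are assumptions of this sketch.

```python
import ast
import operator

# Only plain arithmetic is allowed. Pow is left out on purpose so that a short
# string cannot force a huge computation.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv, ast.Mod: operator.mod,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def _eval_node(node, n_jobs):
    """Evaluate one AST node; anything outside the allowlist raises ValueError."""
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value  # bool, str, bytes and None constants are rejected
    if isinstance(node, ast.Name) and node.id == "n_jobs":
        return n_jobs  # the only identifier that may appear
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _eval_node(node.left, n_jobs)
        right = _eval_node(node.right, n_jobs)
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand, n_jobs))
    # Calls, attribute access, subscripts, lambdas, comprehensions, ... end here.
    raise ValueError(f"disallowed syntax in pre_dispatch: {type(node).__name__}")


def safe_pre_dispatch(expr, n_jobs, max_len=64):
    """Resolve "all", an int, or arithmetic on n_jobs without calling eval()."""
    if isinstance(expr, int) and not isinstance(expr, bool):
        return expr
    if not isinstance(expr, str) or len(expr) > max_len:
        raise ValueError("pre_dispatch must be an int or a short string")
    text = expr.strip()
    if text == "all":
        return None  # convention of this sketch: None means "no limit"
    try:
        tree = ast.parse(text, mode="eval")
    except SyntaxError as exc:
        raise ValueError("pre_dispatch is not a valid expression") from exc
    try:
        return int(_eval_node(tree.body, n_jobs))
    except (ZeroDivisionError, OverflowError) as exc:
        raise ValueError("pre_dispatch does not evaluate to a finite integer") from exc
```

Because the walker never executes the parsed tree, an expression containing a call or attribute lookup is rejected at the node type rather than filtered by string matching.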
Related news
Gentoo Linux Security Advisory 202401-01
Gentoo Linux Security Advisory 202401-1 - A vulnerability has been found in Joblib which allows for arbitrary code execution. Versions greater than or equal to 1.2.0 are affected.
CVE-2022-21797: FIX make sure pre_dispatch cannot do arbitrary code execution (#1321) · joblib/joblib@b90f10e
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.