CVE-2022-21797

Опубликовано: 26 сент. 2022

Источник: debian

EPSS Низкий

Описание

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
joblib	fixed	1.2.0-1		package
joblib	fixed	0.17.0-4+deb11u1	bullseye	package

Примечания

https://github.com/joblib/joblib/issues/1128
https://github.com/joblib/joblib/pull/1321
Better fix: https://github.com/joblib/joblib/pull/1327
Fixed by: https://github.com/joblib/joblib/commit/54f4d21f098591c77b48c9acfffaa4cf0a45282b (1.2.0)
https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033

EPSS

Процентиль: 46%

0.00236

Низкий

Связанные уязвимости

CVE-2022-21797

CVSS3: 7.3

ubuntu

больше 3 лет назад

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

CVE-2022-21797

CVSS3: 7.3

nvd

больше 3 лет назад

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

openSUSE-SU-2022:10214-1

suse-cvrf

около 3 лет назад

Security update for python-joblib

GHSA-6hrg-qmvc-2xh8

CVSS3: 9.8

github

больше 3 лет назад

joblib vulnerable to arbitrary code execution

EPSS

Процентиль: 46%

0.00236

Низкий