Published: 26/09/2022 Updated: 02/01/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

The package joblib from 0 and prior to 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Vulnerable Product	Search on Vulmon	Subscribe to Product
joblib project joblib
fedoraproject fedora 36
fedoraproject fedora 37
debian debian linux 10.0

Debian Bug report logs - #1020820 joblib: CVE-2022-21797 Package: src:joblib; Maintainer for src:joblib is Debian Science Maintainers <debian-science-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 27 Sep 2022 06:27:02 UTC Severity: grave Tags: security Found in ...

NVD-CWE-noinfo https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 https://github.com/joblib/joblib/issues/1128 https://github.com/joblib/joblib/pull/1321 https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033 https://lists.debian.org/debian-lts-announce/2022/11/msg00020.html https://lists.debian.org/debian-lts-announce/2023/03/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVOMMW37OXZWU2EV5ONAAS462IQEHZOF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MJ5XTJS6OKJRRVXWFN5J67K3BYPEOBDF/https://security.gentoo.org/glsa/202401-01 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020820 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-21797

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect