CVE Vulnerabilities

CVE-2022-21797

Published: Sep 26, 2022 | Modified: Aug 23, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Affected Software

Name Vendor Start Version End Version
Joblib Joblib_project * 1.1.1 (excluding)
Joblib Ubuntu bionic *
Joblib Ubuntu kinetic *
Joblib Ubuntu lunar *
Joblib Ubuntu trusty *
Joblib Ubuntu trusty/esm *
Joblib Ubuntu upstream *
Joblib Ubuntu xenial *

References