The package joblib, from version 0 and before 1.2.0, is vulnerable to arbitrary code execution via the pre_dispatch flag of the Parallel() class, due to an eval() statement.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Joblib | Joblib_project | * | 1.1.1 (excluding) |
Joblib | Ubuntu | bionic | * |
Joblib | Ubuntu | kinetic | * |
Joblib | Ubuntu | lunar | * |
Joblib | Ubuntu | trusty | * |
Joblib | Ubuntu | trusty/esm | * |
Joblib | Ubuntu | upstream | * |
Joblib | Ubuntu | xenial | * |