CVE-2022-21797

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21797
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21797.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-21797
Aliases
Related
Published
2022-09-26T05:15:10Z
Modified
2025-01-15T02:14:49.947098Z
Downstream
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

References

Affected packages

Debian:11 / joblib

Package

Name
joblib
Purl
pkg:deb/debian/joblib?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.17.0-4+deb11u1

Affected versions

0.*

0.17.0-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / joblib

Package

Name
joblib
Purl
pkg:deb/debian/joblib?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / joblib

Package

Name
joblib
Purl
pkg:deb/debian/joblib?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/joblib/joblib

Affected ranges

Type
GIT
Repo
https://github.com/joblib/joblib
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.10.0
0.10.2
0.11
0.12
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.13.0
0.13.1
0.13.2
0.14.0
0.14.1
0.15.0
0.15.1
0.16.0
0.17.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.5.0
0.5.1
0.5.3
0.5.4
0.5.7
0.6.0
0.6.0.b
0.6.0.b2
0.6.0.b3
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.7.0c
0.7.0d
0.7.1
0.8.0
0.8.0a2
0.8.0a3
0.8.1
0.8.2
0.8.3
0.8.3-r1
0.8.4
0.9.0
0.9.0b2
0.9.0b3
0.9.0b4
0.9.1
0.9.2
0.9.3
0.9.4

1.*

1.0.0
1.0.1
1.1.0