CVE-2022-21797

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

References

Affected packages

Git / github.com/joblib/joblib

Affected ranges

Type

GIT

Repo

https://github.com/joblib/joblib

Events

Introduced

Fixed

f08737d9f23d3cdb40680f2e43d5e447bffe6271

Fixed

b90f10efeb670a2cc877fb88ebb3f2019189e059

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.1.1"
        }
    ]
}

Affected versions

0.*

0.10.0

0.10.2

0.10.3

0.11

0.12

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5

0.13.0

0.13.1

0.13.2

0.14.0

0.14.1

0.15.0

0.15.1

0.16.0

0.17.0

0.4.1

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.7

0.6.0

0.6.0.b

0.6.0.b2

0.6.0.b3

0.6.0a

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.7.0

0.7.0a

0.7.0b

0.7.0c

0.7.0d

0.7.1

0.8.0

0.8.0a

0.8.0a2

0.8.0a3

0.8.1

0.8.2

0.8.3

0.8.3-r1

0.8.4

0.9.0

0.9.0b2

0.9.0b3

0.9.0b4

0.9.1

0.9.2

0.9.3

0.9.4

1.*

1.0.0

1.0.1

1.1.0

debian/0.*

debian/0.4.3-1

debian/0.4.5-1

debian/0.4.6-1

debian/0.4.6-2

debian/0.5.1-1

debian/0.5.4-1

debian/0.6.0_b2-1

debian/0.6.0_b3-1

debian/0.6.1-1

debian/0.6.4-1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21797.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "36"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]