PYSEC-2022-288
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/joblib/PYSEC-2022-288.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2022-288
- Aliases
- Published
- 2022-09-26T05:15:00Z
- Modified
- 2023-11-08T04:08:10.573953Z
- Summary
- [none]
- Details
-
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
- References
Affected packages
PyPI / joblib
Package
- Name
- joblib
- View open source insights on deps.dev
- Purl
- pkg:pypi/joblib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/joblib/joblib
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.0
Affected versions
0.*
0.3.2d.dev
0.3.2d
0.3.2e.dev
0.3.2f.dev
0.3.2f
0.3.2g.dev
0.7.0d
0.1a.dev
0.1a
0.2a.dev
0.3a.dev
0.3.1a.dev
0.3.2.dev
0.3.2a.dev
0.3.2b.dev
0.3.2c.dev
0.3.3a.dev
0.3.3b.dev
0.3.3c.dev
0.3.4.dev
0.3.5.dev
0.3.6.dev
0.3.7.dev
0.4.0.dev
0.4.1.dev
0.4.2.dev
0.4.3.dev
0.4.4.dev
0.4.5.dev
0.4.6.dev
0.5.0.dev
0.5.0a.dev
0.5.1.dev
0.5.2.dev
0.5.3.dev
0.5.4.dev
0.5.5.dev
0.5.6.dev
0.5.7.dev
0.5.7a.dev
0.5.7a
0.5.7b.dev
0.5.7
0.6.0a
0.6.0b
0.6.0b2
0.6.0b3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.7.0a
0.7.0b
0.7.0c
0.7.1
0.8.0a
0.8.0a2
0.8.0a3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.3-r1
0.8.4
0.9.0b2
0.9.0b3
0.9.0b4
0.9.1
0.9.2
0.9.3
0.9.4
0.10.0
0.10.2
0.10.3
0.11a3
0.11
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.13.0
0.13.1
0.13.2
0.14.0
0.14.1
0.15.0
0.15.1
0.16.0
0.17.0
1.*
1.0.0
1.0.1
1.1.0a0
1.1.0
1.1.1