PYSEC-2022-288

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/joblib/PYSEC-2022-288.yaml
Aliases
Published
2022-09-26T05:15:00Z
Modified
2023-11-08T04:08:10.573953Z
Details

Versions of the joblib package from 0 up to, but not including, 1.2.0 are vulnerable to arbitrary code execution via the pre_dispatch flag of the Parallel() class, due to the eval() statement.

References

Affected packages

PyPI / joblib

Package

Name
joblib

Affected ranges

Type
GIT
Repo
https://github.com/joblib/joblib
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
1.2.0

Affected versions

0.*

0.3.2d.dev
0.3.2d
0.3.2e.dev
0.3.2f.dev
0.3.2f
0.3.2g.dev
0.7.0d
0.1a.dev
0.1a
0.2a.dev
0.3a.dev
0.3.1a.dev
0.3.2.dev
0.3.2a.dev
0.3.2b.dev
0.3.2c.dev
0.3.3a.dev
0.3.3b.dev
0.3.3c.dev
0.3.4.dev
0.3.5.dev
0.3.6.dev
0.3.7.dev
0.4.0.dev
0.4.1.dev
0.4.2.dev
0.4.3.dev
0.4.4.dev
0.4.5.dev
0.4.6.dev
0.5.0.dev
0.5.0a.dev
0.5.1.dev
0.5.2.dev
0.5.3.dev
0.5.4.dev
0.5.5.dev
0.5.6.dev
0.5.7.dev
0.5.7a.dev
0.5.7a
0.5.7b.dev
0.5.7
0.6.0a
0.6.0b
0.6.0b2
0.6.0b3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.7.0a
0.7.0b
0.7.0c
0.7.1
0.8.0a
0.8.0a2
0.8.0a3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.3-r1
0.8.4
0.9.0b2
0.9.0b3
0.9.0b4
0.9.1
0.9.2
0.9.3
0.9.4
0.10.0
0.10.2
0.10.3
0.11a3
0.11
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.13.0
0.13.1
0.13.2
0.14.0
0.14.1
0.15.0
0.15.1
0.16.0
0.17.0

1.*

1.0.0
1.0.1
1.1.0a0
1.1.0
1.1.1