CVE-2022-21797

Improper Control of Generation of Code in pypi/joblib

Identifiers

CVE-2022-21797

Package Slug

pypi/joblib

Vulnerability

Improper Control of Generation of Code

Description

The joblib package before version 1.2.0 is vulnerable to arbitrary code execution via the pre_dispatch flag of the Parallel() class, due to an eval() statement.

Affected Versions

All versions before 1.1.1

Solution

Upgrade to version 1.1.1 or above.
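
An added example, not code from joblib or from this advisory: a caller-side allowlist check for pre_dispatch values that arrive from configuration or other external input, usable alongside the upgrade. It assumes legitimate string values are 'all' or plain arithmetic over n_jobs (for example '2*n_jobs'); safe_pre_dispatch and max_len are hypothetical names.

```python
import ast
import operator

# Assumption: a legitimate pre_dispatch string is 'all' or plain arithmetic
# over n_jobs (e.g. '2*n_jobs'); every other syntax node is rejected.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.FloorDiv: operator.floordiv,
}


def _evaluate(node, n_jobs):
    """Walk the parsed expression; nothing is ever passed to eval()."""
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.Name) and node.id == "n_jobs":
        return n_jobs
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _evaluate(node.left, n_jobs)
        right = _evaluate(node.right, n_jobs)
        return _BIN_OPS[type(node.op)](left, right)
    raise ValueError(f"disallowed syntax in pre_dispatch: {type(node).__name__}")


def safe_pre_dispatch(value, n_jobs, max_len=64):
    """Return an int or 'all' for Parallel(pre_dispatch=...), else raise ValueError.

    safe_pre_dispatch and max_len are hypothetical names for this example.
    """
    if isinstance(value, int) and not isinstance(value, bool):
        return value
    if not isinstance(value, str) or len(value) > max_len:
        raise ValueError("pre_dispatch must be an int or a short string")
    text = value.strip()
    if text == "all":
        return "all"
    try:
        tree = ast.parse(text, mode="eval")
        return int(_evaluate(tree.body, n_jobs))
    except (SyntaxError, ZeroDivisionError, OverflowError) as exc:
        raise ValueError(f"invalid pre_dispatch expression: {exc}") from exc
```

Passing the returned integer (or 'all') to Parallel means no externally supplied string reaches the library's expression handling, whichever joblib version is installed.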

Last Modified

2022-09-27
