FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py39-joblib -- arbitrary code execution

Affected packages
py39-joblib < 1.2.0

Details

VuXML ID 845f8430-d0ee-4134-ae35-480a3e139b8a
Discovery 2022-09-26
Entry 2023-04-09

jimlinntu reports:

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

References

CVE Name CVE-2022-21797
URL https://osv.dev/vulnerability/GHSA-6hrg-qmvc-2xh8
URL https://osv.dev/vulnerability/PYSEC-2022-288