Lucene search
PRIOn knowledge basePRION:CVE-2022-21797HistorySep 26, 2022 - 5:15 a.m.
Code injection
2022-09-2605:15:00
PRIOn knowledge base
www.prio-n.com
5
code injection
joblib
pre_dispatch flag
arbitrary code execution
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
References
github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059
github.com/joblib/joblib/issues/1128
github.com/joblib/joblib/pull/1321
lists.debian.org/debian-lts-announce/2022/11/msg00020.html
lists.debian.org/debian-lts-announce/2023/03/msg00027.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVOMMW37OXZWU2EV5ONAAS462IQEHZOF/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MJ5XTJS6OKJRRVXWFN5J67K3BYPEOBDF/
security.gentoo.org/glsa/202401-01
security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033
Related
nessus
nessus
FreeBSD : py39-joblib -- arbitrary code execution (845f8430-d0ee-4134-ae35-480a3e139b8a)
2023-04-14 00:00:00
openSUSE 15 Security Update : python-joblib (openSUSE-SU-2022:10214-1)
2022-11-24 00:00:00
GLSA-202401-01 : Joblib: Arbitrary Code Execution
2024-01-02 00:00:00
osv
osv
joblib vulnerable to arbitrary code execution
2022-09-27 00:00:22
joblib - security update
2023-03-30 00:00:00
PYSEC-2022-288
2022-09-26 05:15:00
fedora
fedora
[SECURITY] Fedora 36 Update: python-joblib-1.2.0-1.fc36
2022-10-08 17:34:06
[SECURITY] Fedora 37 Update: python-joblib-1.2.0-1.fc37
2022-11-10 22:36:16
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0375)
2022-10-19 00:00:00
Fedora: Security Advisory for python-joblib (FEDORA-2022-c83ce1c000)
2022-11-11 00:00:00
Debian: Security Advisory (DLA-3193-2)
2023-03-31 00:00:00
nvd
nvd
CVE-2022-21797
2022-09-26 05:15:10
alpinelinux
alpinelinux
CVE-2022-21797
2022-09-26 05:15:10
ubuntucve
ubuntucve
CVE-2022-21797
2022-09-26 00:00:00
gentoo
gentoo
Joblib: Arbitrary Code Execution
2024-01-02 00:00:00
debian
debian
[SECURITY] [DLA 3193-1] joblib security update
2022-11-17 11:06:19
[SECURITY] [DLA 3193-2] joblib security update
2023-03-30 17:18:46
veracode
veracode
Arbitrary Code Execution
2022-09-27 07:29:55
cve
cve
CVE-2022-21797
2022-09-26 05:15:10
mageia
mageia
Updated python-joblib packages fix security vulnerability
2022-10-19 02:14:56
github
github
joblib vulnerable to arbitrary code execution
2022-09-27 00:00:22
ibm
ibm
freebsd
freebsd
py39-joblib -- arbitrary code execution
2022-09-26 00:00:00
cvelist
cvelist
CVE-2022-21797 Arbitrary Code Execution
2022-09-26 00:00:00
debiancve
debiancve
CVE-2022-21797
2022-09-26 05:15:10