Skip to main content

Joblib

2 CVEs product

Monthly

CVE-2024-34997 PyPI HIGH POC This Week

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization Joblib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-21797 PyPI CRITICAL POC PATCH Act Now

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Joblib Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
EPSS 1% CVSS 7.5
HIGH POC This Week

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization Joblib
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Joblib +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy