{"id":"PYSEC-2022-288","details":"Versions of the joblib package from 0 up to, but not including, 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag of the Parallel() class, because the flag's value is passed to an eval() statement.","aliases":["CVE-2022-21797","GHSA-6hrg-qmvc-2xh8"],"modified":"2023-11-08T04:08:10.573953Z","published":"2022-09-26T05:15:00Z","references":[{"type":"FIX","url":"https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059"},{"type":"REPORT","url":"https://github.com/joblib/joblib/issues/1128"},{"type":"WEB","url":"https://github.com/joblib/joblib/pull/1321"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033"}],"affected":[{"package":{"name":"joblib","ecosystem":"PyPI","purl":"pkg:pypi/joblib"},"ranges":[{"type":"GIT","repo":"https://github.com/joblib/joblib","events":[{"introduced":"0"},{"fixed":"b90f10efeb670a2cc877fb88ebb3f2019189e059"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0"}]}],"versions":["0.10.0","0.10.2","0.10.3","0.11","0.11a3","0.12.0","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.13.0","0.13.1","0.13.2","0.14.0","0.14.1","0.15.0","0.15.1","0.16.0","0.17.0","0.1a","0.1a.dev","0.2a.dev","0.3.1a.dev","0.3.2.dev","0.3.2a.dev","0.3.2b.dev","0.3.2c.dev","0.3.2d","0.3.2d.dev","0.3.2e.dev","0.3.2f","0.3.2f.dev","0.3.2g.dev","0.3.3a.dev","0.3.3b.dev","0.3.3c.dev","0.3.4.dev","0.3.5.dev","0.3.6.dev","0.3.7.dev","0.3a.dev","0.4.0.dev","0.4.1.dev","0.4.2.dev","0.4.3.dev","0.4.4.dev","0.4.5.dev","0.4.6.dev","0.5.0.dev","0.5.0a.dev","0.5.1.dev","0.5.2.dev","0.5.3.dev","0.5.4.dev","0.5.5.dev","0.5.6.dev","0.5.7","0.5.7.dev","0.5.7a","0.5.7a.dev","0.5.7b.dev","0.6.0","0.6.0a","0.6.0b","0.6.0b2","0.6.0b3","0.6.1","0.6.2","0.6.3","0.6.4","0.6.5","0.7.0a","0.7.0b","0.7.0c","0.7.0d","0.7.1","0.8.0","0.8.0a","0.8.0a2","0.8.0a3","0.8.1","0.8.2","0.8.3","0.8.3-r1","0.8.4","0.9.0b2","0.9.0b3","0.9.0b4","0.9.1","0.9.2","0.9.3","0.9.4","1.0.0","1.0.1","1.1.0","1.1.0a0","1.1.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/joblib/PYSEC-2022-288.yaml"}}],"schema_version":"1.7.3"}