PT-2022-15136 · Joblib+2

Jim Lin · Published 2022-09-20 · Updated 2025-03-20 · CVE-2022-21797

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: joblib versions 0 through 1.2.0

Description: The issue concerns arbitrary code execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.

Recommendations: For joblib versions 0 through 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the eval() statement in the Parallel() class until a patch is available. Restrict access to the pre_dispatch flag to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2646
ALT-PU-2024-17300
CVE-2022-21797
DLA-3193-1
DLA-3193-2
GHSA-6HRG-QMVC-2XH8
MGASA-2022-0375
OESA-2022-1990
OPENSUSE-SU-2022:10214-1
OPENSUSE-SU-2024:12401-1
OPENSUSE-SU-2025:14914-1
PYSEC-2022-288

Affected Products

Alt Linux
Astra Linux
Joblib