CVE-2022-21797 Information
Sep 27, 2022
cve
Description
The joblib package, in versions from 0 up to but not including 1.2.0, is vulnerable to arbitrary code execution via the pre_dispatch flag of the Parallel() class, because its value is passed to an eval() statement.
Reference
https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059
https://github.com/joblib/joblib/issues/1128
https://github.com/joblib/joblib/pull/1321
https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033