[Debian]: CVE: CVE-2022-21797: python3-joblib: Arbitrary Code Execution
Bug #2018639 reported by
Yue Tao
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Fix Released
|
High
|
Zhixiong Chi | ||
Bug Description
CVE-2022-21797: https:/
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
Score:
cve_id status cvss3Score
CVE-2022-21797 fixed 9.8
References:
['python3-
CVE References
| Changed in starlingx: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| tags: | added: stx.9.0 stx.security |
| Changed in starlingx: | |
| assignee: | nobody → Zhixiong Chi (zhixiongchi) |
| status: | Triaged → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to tools (master) | #1 |
| Changed in starlingx: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit de258cf5e599055
Author: Zhixiong Chi <email address hidden>
Date: Mon May 8 12:42:49 2023 +0800
python3-joblib: fix CVE-2022-21797
Upgrade python3-joblib to 0.17.0-4+deb11u1
Refer to:
https:/
Test Plan:
Pass: downloader
Pass: build-pkgs --clean
Pass: build-image
Pass: Jenkins Installation
PASS: dpkg -l |grep python3-joblib
ii python3-joblib 0.17.0-4+deb11u1
Closes-Bug: 2018639
Signed-off-by: Zhixiong Chi <email address hidden>
Change-Id: I670f4716355844