Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 873151 (CVE-2022-21797) - <dev-python/joblib-1.2.0: Arbitrary Code Execution via the pre_dispatch flag in Parallel() class (CVE-2022-21797)
Summary: <dev-python/joblib-1.2.0: Arbitrary Code Execution via the pre_dispatch flag ...
Alias: CVE-2022-21797
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa+]
Depends on:
Reported: 2022-09-27 07:10 UTC by filip ambroz
Modified: 2024-01-02 14:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2022-09-27 07:10:24 UTC
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.



Fixed version 1.2.0 is available.
Comment 1 Hans de Graaff gentoo-dev Security 2023-10-13 05:47:19 UTC
dev-python/joblib-1.3.2 is currently the only version available.
Comment 2 Larry the Git Cow gentoo-dev 2024-01-02 14:39:03 UTC
The bug has been referenced in the following commit(s):

commit 086ee91647926ad5550f1443e004b5f5d1bda7fc
Author:     GLSAMaker <>
AuthorDate: 2024-01-02 14:38:14 +0000
Commit:     Hans de Graaff <>
CommitDate: 2024-01-02 14:38:51 +0000

    [ GLSA 202401-01 ] Joblib: Arbitrary Code Execution
    Signed-off-by: GLSAMaker <>
    Signed-off-by: Hans de Graaff <>

 glsa-202401-01.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)