Joblib Project Joblib vulnerabilities
2 known vulnerabilities affecting joblib_project/joblib.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2024-34997 | HIGH | CVSS 7.5 | CWE-502 | v1.4.2 | 2024-05-17
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.
Sources: nvd
CVE-2022-21797 | CRITICAL | CVSS 9.8 | CWE-94 | fixed in 1.1.1 | fixed in unspecified | +1 more | 2022-09-26
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.
Sources: ghsa, nvd, osv