
Update the joblib version to fix CVE-2022-21797

Open abdel91 opened this issue 3 years ago • 1 comments

The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.

abdel91 avatar Oct 07 '22 14:10 abdel91

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot] avatar Oct 07 '22 14:10 google-cla[bot]

@caveness,

Kindly review this PR and approve it. An older version of joblib is blocking users because of a security vulnerability. #226

Thank you!

singhniraj08 avatar Oct 28 '22 12:10 singhniraj08