
The potential security vulnerability on the joblib library

Open abdel91 opened this issue 3 years ago • 1 comments

The package joblib from version 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.

My PR: https://github.com/tensorflow/data-validation/pull/225

More info: https://github.com/joblib/joblib/issues/1128

abdel91 avatar Oct 07 '22 18:10 abdel91

@abdel91, Thank you for the contribution. Once reviewed, the PR will be merged.

singhniraj08 avatar Oct 10 '22 06:10 singhniraj08

Hello, any news on this? We would love to use the library but are blocked waiting for this fix to go through.

eslamkarim avatar Oct 28 '22 08:10 eslamkarim