tensorflow / data-validation

Library for exploring and validating machine learning data
Apache License 2.0

The potential security vulnerability on the joblib library #226

Closed abdel91 closed 2 years ago

abdel91 commented 2 years ago

The package joblib, from version 0 and before 1.2.0, is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.

My PR: https://github.com/tensorflow/data-validation/pull/225
More info: https://github.com/joblib/joblib/issues/1128

singhniraj08 commented 2 years ago

@abdel91, Thank you for the contribution. Once reviewed, the PR will be merged.

eslamkarim commented 2 years ago

Hello, any news on this? We would love to use the library but are blocked waiting for this fix to go through.