author | Salvatore Bonaccorso <carnil@debian.org> | 2022-09-27 08:13:50 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-09-27 08:13:50 +0200 |
commit | df1fb580d69887e4b54679296159f0a57131a1a8 (patch) | |
tree | d9ac8c4ef100cd93b3dc579f1ec21ac78e01f7c9 | |
parent | 1727f8552d0f0ac1210831bf8c18673cdeaef4c1 (diff) |
Add CVE-2022-21797/joblib
-rw-r--r-- | data/CVE/list | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index f6b4b45c2e..e67bc148ea 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -42840,7 +42840,11 @@ CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the mem CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...) NOT-FOR-US: grapejs CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...) - TODO: check + - joblib <unfixed> + NOTE: https://github.com/joblib/joblib/issues/1128 + NOTE: https://github.com/joblib/joblib/pull/1321 + NOTE: https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 (1.2.0) + NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033 CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnerable to ...) NOT-FOR-US: github.com/masterminds/vcs CVE-2022-21232 |
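Review bot: the added `- joblib <unfixed>` line leaves the entry open, although the third NOTE already ties the upstream fix commit to 1.2.0 and the CVE description gives "before 1.2.0" as the affected range. Replace `<unfixed>` with the first packaged version that contains that commit as soon as one is known, so the entry does not keep reporting the package as vulnerable. The line also has no bug reference or urgency annotation after `<unfixed>`; adding one would help whoever picks this up next. Because the description shown here is cut off at "Arbitrary ...", a one-line NOTE naming what the linked commit changes would let a reader triage the entry without following the four links.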