author Salvatore Bonaccorso <carnil@debian.org> 2022-09-27 08:13:50 +0200
committer Salvatore Bonaccorso <carnil@debian.org> 2022-09-27 08:13:50 +0200
commit df1fb580d69887e4b54679296159f0a57131a1a8 (patch)
tree d9ac8c4ef100cd93b3dc579f1ec21ac78e01f7c9
parent 1727f8552d0f0ac1210831bf8c18673cdeaef4c1 (diff)
Add CVE-2022-21797/joblib
-rw-r--r-- data/CVE/list 6
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index f6b4b45c2e..e67bc148ea 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -42840,7 +42840,11 @@ CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the mem
CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...)
NOT-FOR-US: grapejs
CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...)
- TODO: check
+ - joblib <unfixed>
+ NOTE: https://github.com/joblib/joblib/issues/1128
+ NOTE: https://github.com/joblib/joblib/pull/1321
+ NOTE: https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 (1.2.0)
+ NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033
CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnerable to ...)
NOT-FOR-US: github.com/masterminds/vcs
CVE-2022-21232
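Review bot: the added `- joblib <unfixed>` line leaves the entry open with no bug reference, even though the third NOTE already points at an upstream commit tagged "(1.2.0)", and none of the four NOTE lines says which URL is the report and which is the fix. Suggest labelling the commit NOTE as the upstream fix so the link between the CVE description's "before 1.2.0" and that commit is explicit, adding a bug reference on the package line if one is filed, and replacing `<unfixed>` with the fixed package version once an upload containing that commit is available.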
