From df1fb580d69887e4b54679296159f0a57131a1a8 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 27 Sep 2022 08:13:50 +0200 Subject: Add CVE-2022-21797/joblib --- data/CVE/list | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/data/CVE/list b/data/CVE/list index f6b4b45c2e..e67bc148ea 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -42840,7 +42840,11 @@ CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the mem CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...) NOT-FOR-US: grapejs CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...) - TODO: check + - joblib + NOTE: https://github.com/joblib/joblib/issues/1128 + NOTE: https://github.com/joblib/joblib/pull/1321 + NOTE: https://github.com/joblib/joblib/commit/b90f10efeb670a2cc877fb88ebb3f2019189e059 (1.2.0) + NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033 CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnerable to ...) NOT-FOR-US: github.com/masterminds/vcs CVE-2022-21232 -- cgit v1.2.3
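Review bot: the added package line "- joblib" in the CVE-2022-21797 entry shows no status or fixed version after the package name as rendered here, so the entry does not record whether the Debian package is still affected. The NOTE for commit b90f10efeb670a2cc877fb88ebb3f2019189e059 marks the upstream fix as 1.2.0. Suggest putting an explicit unfixed marker or the fixed Debian version on the "- joblib" line so that it agrees with that note. The CVE description is cut off at "Arbitrary ...", so a one-line NOTE stating which joblib functionality is affected would let a triager judge exposure without opening the four links.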