[Bug 1171989] VUL-1: CVE-2020-13092: python-scikit-learn: unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if reduce makes an os.system call

26 May 2020

      http://bugzilla.suse.com/show_bug.cgi?id=1171989

SMASH SMASH <smash_bz@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|                            |CVSSv2:NVD:CVE-2020-13092:7
                   |                            |.5:(AV:N/AC:L/Au:N/C:P/I:P/
                   |                            |A:P)
                   |                            |CVSSv3.1:NVD:CVE-2020-13092
                   |                            |:9.8:(AV:N/AC:L/PR:N/UI:N/S
                   |                            |:U/C:H/I:H/A:H)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1171989] VUL-1: CVE-2020-13092: python-scikit-learn: unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call

bugzilla_noreply＠suse.com

[Bug 1171989] VUL-1: CVE-2020-13092: python-scikit-learn: unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if reduce makes an os.system call