CVE-2024-34997

ADVISORY - nist

Summary

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.

EPSS Score⁠: 0.00378 (0.595)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-502⁠

Deserialization of Untrusted Data

ADVISORY - redhat

CWE-502⁠

Deserialization of Untrusted Data

Impacted images

Advisories

NIST

CREATED

2 years ago

UPDATED

8 months ago

ADVISORY IDCVE-2024-34997⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-502⁠

CVSS SCORE

7.5high

Alpine

CREATED

8 months ago

UPDATED

6 months ago

ADVISORY IDCVE-2024-34997⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

2 years ago

UPDATED

22 days ago

ADVISORY IDCVE-2024-34997⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

2 years ago

UPDATED

10 months ago

ADVISORY IDCVE-2024-34997⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

PypA

CREATED

2 years ago

UPDATED

6 hours ago

ADVISORY ID

PYSEC-2024-277

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5high

Red Hat

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2024-34997⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-502⁠

CVSS SCORE

8.1medium