Scikit-learn - Scikit-learn CVE

Filtered by vendor Scikit-learn Subscribe

Filtered by product Scikit-learn

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-13092	1 Scikit-learn	1 Scikit-learn	2020-05-19	7.5 HIGH	9.8 CRITICAL
DISPUTED scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.

Vulnerabilities (CVE)