CVE-2024-34997

Published: May 17, 2024Modified: Sep 29, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.

Affected (1)

Products: Joblib Project: Joblib

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Joblib Project Joblib	Version 1.4.2

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://github.com/joblib/joblib/issues/1582

Source: cve@mitre.org

ExploitIssue Tracking

https://github.com/joblib/joblib/issues/977

Source: cve@mitre.org

ExploitIssue Tracking

https://github.com/joblib/joblib/issues/1582

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://github.com/joblib/joblib/issues/977

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.