High severity7.5NVD Advisory· Published May 17, 2024· Updated Jun 17, 2026
CVE-2024-34997
CVE-2024-34997
Description
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.
Affected products
2- joblib/joblibdescription
Patches
Vulnerability mechanics
References
2- github.com/joblib/joblib/issues/1582nvdExploitIssue Tracking
- github.com/joblib/joblib/issues/977nvdExploitIssue Tracking
News mentions
0No linked articles in our index yet.