Vulnerability Description
scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.
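The dispute above comes down to how a deployer uses joblib.load(): the function is documented as unsafe on untrusted input, so the practical mitigation sits with the caller. The following is an added defensive example, not code from scikit-learn, joblib or the advisory. It shows two checks a caller can run before deserializing a model file: a SHA-256 pin against the digest recorded when the file was produced, and a static walk of the pickle opcode stream with the standard-library pickletools module that rejects any import outside an allowlist (so a __reduce__ that resolves os.system is refused before anything executes). It assumes a plain, uncompressed pickle stream; joblib files that embed raw numpy buffers need joblib-aware parsing, which this does not attempt. The allowlist contents and the sample streams are constructed for illustration.

```python
"""Pre-load integrity and import checks for a pickle-based model file.

Added example; it is not code from scikit-learn, joblib or the advisory.
Assumptions: the file is a plain, uncompressed pickle stream, and the
deployer recorded the SHA-256 digest of the file when it was produced.
Neither check deserializes anything: pickletools only walks the opcodes.
"""
import datetime
import hashlib
import io
import pickle
import pickletools

# Modules a scikit-learn model legitimately references (assumed set; extend
# it for your own estimators). os, posix, nt, subprocess and the like are
# deliberately absent, so a __reduce__ that imports them is rejected here.
ALLOWED_MODULE_PREFIXES = ("numpy", "scipy", "sklearn", "joblib", "collections")
# The only builtins a model file should need; eval/exec/getattr are not here.
ALLOWED_BUILTINS = {"set", "frozenset", "range", "slice", "bytearray", "complex"}

_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
_MEMO_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT", "MEMOIZE"}


def _is_allowed(module: str, name: str) -> bool:
    if module == "builtins":
        return name in ALLOWED_BUILTINS
    return module.split(".", 1)[0] in ALLOWED_MODULE_PREFIXES


def find_disallowed_globals(data: bytes) -> list:
    """Return (module, name) pairs the stream would import that are off the allowlist.

    GLOBAL and INST carry "module name" in the opcode itself. STACK_GLOBAL takes
    its two operands from the stack, so we require them to be the two string
    literals pushed just before it (memo PUTs in between are fine); a
    STACK_GLOBAL fed from the memo or from computed values is reported as
    unresolved rather than trusted. pickletools raises ValueError on a
    malformed stream, which the caller treats as a refusal.
    """
    bad = []
    pending = []  # string literals pushed since the last non-string, non-memo op
    for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if opcode.name in _STRING_OPS:
            pending.append(arg)
        elif opcode.name in _MEMO_PUT_OPS:
            continue
        elif opcode.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            if not _is_allowed(module, name):
                bad.append((module, name))
            pending = []
        elif opcode.name == "STACK_GLOBAL":
            if len(pending) < 2:
                bad.append(("<unresolved>", "<unresolved>"))
            elif not _is_allowed(pending[-2], pending[-1]):
                bad.append((pending[-2], pending[-1]))
            pending = []
        else:
            pending = []
    return bad


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_model_bytes(data: bytes, expected_sha256: str):
    """Deserialize only after the digest pin and the import scan both pass."""
    actual = sha256_hex(data)
    if actual != expected_sha256:
        raise ValueError(f"digest mismatch: got {actual}, expected {expected_sha256}")
    unexpected = find_disallowed_globals(data)
    if unexpected:
        raise ValueError(f"refusing to deserialize, unexpected imports: {unexpected}")
    return pickle.loads(data)


def load_pinned_model(path: str, expected_sha256: str):
    """File-based wrapper around verify_model_bytes."""
    with open(path, "rb") as fh:
        return verify_model_bytes(fh.read(), expected_sha256)


# Constructed samples (not real model files).
BENIGN_SAMPLE = pickle.dumps({"coef": [0.5, -1.25], "classes": (0, 1)}, protocol=4)
# Protocol-0 stream that would merely resolve os.system if loaded; it calls nothing.
OS_SYSTEM_REFERENCE = b"cos\nsystem\n."
# A harmless but unexpected import: datetime.date pickles via STACK_GLOBAL + REDUCE.
UNEXPECTED_IMPORT = pickle.dumps(datetime.date(2020, 1, 1), protocol=4)

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_SAMPLE),
                        ("os.system reference", OS_SYSTEM_REFERENCE),
                        ("datetime import", UNEXPECTED_IMPORT)]:
        print(label, find_disallowed_globals(blob))
```

The allowlist is intentionally strict: a legitimate estimator that references a module outside it fails closed and has to be added explicitly, which is the right default for files that cross a trust boundary. The digest pin is the stronger of the two checks when it is available, because the opcode scan only catches imports it can see; keep both.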
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Scikit-Learn | Scikit-Learn | <= 0.23.0 |
Related Weaknesses (CWE)
References
- https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md (Exploit, Third Party Advisory)
- https://scikit-learn.org/stable/modules/model_persistence.html#security-maintain (Third Party Advisory)
FAQ
What is CVE-2020-13092?
CVE-2020-13092 is a vulnerability with a CVSS score of 9.8 (CRITICAL). scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third p...
How severe is CVE-2020-13092?
CVE-2020-13092 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-13092?
Check the references section above for vendor advisories and patch information. Affected product: Scikit-Learn (vendor Scikit-Learn), versions up to and including 0.23.0.