Adrin Jalali

3 exploits Active since Sep 2022
CVE-2022-21797 WRITEUP HIGH WRITEUP
joblib < 1.2.0 - Arbitrary Code Execution via Parallel pre_dispatch eval()
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
CVSS 7.3
CVE-2025-54412 WRITEUP HIGH WRITEUP
skops < 0.12.0 - Arbitrary Code Execution via OperatorFuncNode Inconsistency
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain a inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. This is fixed in version 0.12.0.
CVE-2025-54413 WRITEUP HIGH WRITEUP
skops < 0.12.0 - Remote Code Execution via MethodNode Inconsistency
skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to GHSA-m7f4-hrc6-fwg3, it is actually more severe, as it relies on fewer assumptions about trusted types. This is fixed in version 12.0.0.