CVE-2024-5206
- EPSS 0.04%
- Veröffentlicht 06.06.2024 19:16:06
- Zuletzt bearbeitet 21.11.2024 09:47:11
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens pr...
CVE-2020-28975
- EPSS 0.82%
- Veröffentlicht 21.11.2020 21:15:10
- Zuletzt bearbeitet 21.11.2024 05:23:25
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence st...
CVE-2020-13092
- EPSS 0.6%
- Veröffentlicht 15.05.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:00:39
scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load(...