{"data":{"id":"a9292361-2294-45a9-8135-058ba0582b78","title":"CVE-2020-13092: scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to ","summary":"scikit-learn (a Python machine learning library) versions up to 0.23.0 have a vulnerability where the joblib.load() function (which deserializes, or reconstructs objects from saved files) can execute harmful commands if an untrusted file is loaded. However, the vulnerability is disputed because joblib.load() is documented as unsafe and users are responsible for only loading files they trust.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-13092","publishedAt":"2020-05-15T23:15:12.277Z","cveId":"CVE-2020-13092","cweIds":["CWE-502"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["scikit-learn","joblib"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00598,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}