AIKIDO-2025-10962
joblib is vulnerable to Allocation of Resources Without Limits or Throttling
30
Low Risk
This Affects:
joblibTL;DR
Affected versions of this package are vulnerable to denial-of-service and memory exhaustion attacks due to unsafe expression parsing in scenarios such as user-settable pre_dispatch expressions. The ast.parse function can crash the Python interpreter with long and complex expressions. Evaluating expressions such as 9**9**9**9 leads to prolonged computation times (DoS), and allocating large strings from concise expressions like ' ' * 10**10 triggers memory exhaustion (OOM). An attacker can exploit these vulnerabilities by submitting malicious expressions to accessible parameters, causing interpreter crashes, service degradation, or system resource depletion.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
joblib is vulnerable to Allocation of Resources Without Limits or Throttling in versions 1.2.0 - 1.5.2.
How to fix this
Upgrade the joblib library to the patch version.
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant