tensorflow / data-validation

Library for exploring and validating machine learning data

The potential security vulnerability on the joblib library

abdel91 opened this issue · comments

The package joblib, from version 0 and before 1.2.0, is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.

My PR:
https://github.com/tensorflow/data-validation/pull/225

More info:
joblib/joblib#1128
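
An added example, not part of the original issue or of either project's code: a static check that lists `Parallel()` calls whose `pre_dispatch` keyword is not a literal, which are the call sites to review while a joblib version before 1.2.0 is installed. The sample source and the function names are constructed for illustration, and only keyword arguments are inspected.

```python
import ast

# Constructed sample source to audit (not taken from the projects discussed here).
SAMPLE = '''
import os
from joblib import Parallel, delayed
import joblib

def safe(items):
    return Parallel(n_jobs=2, pre_dispatch="2*n_jobs")(delayed(abs)(i) for i in items)

def default(items):
    return joblib.Parallel(n_jobs=2)(delayed(abs)(i) for i in items)

def risky(items):
    setting = os.environ.get("PRE_DISPATCH", "all")
    return joblib.Parallel(n_jobs=2, pre_dispatch=setting)(delayed(abs)(i) for i in items)
'''


def _is_parallel(func):
    """True for `Parallel(...)` or `<anything>.Parallel(...)` call targets."""
    if isinstance(func, ast.Name):
        return func.id == "Parallel"
    return isinstance(func, ast.Attribute) and func.attr == "Parallel"


def find_dynamic_pre_dispatch(source):
    """Return (line, expression) for each Parallel() call whose pre_dispatch
    argument is not a literal, i.e. could carry externally supplied text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_parallel(node.func)):
            continue
        for kw in node.keywords:
            if kw.arg is None:  # **kwargs: contents cannot be seen statically
                findings.append((node.lineno, "**" + ast.unparse(kw.value)))
            elif kw.arg == "pre_dispatch" and not isinstance(kw.value, ast.Constant):
                findings.append((node.lineno, ast.unparse(kw.value)))
    return findings


if __name__ == "__main__":
    for line, expr in find_dynamic_pre_dispatch(SAMPLE):
        print(f"line {line}: pre_dispatch={expr} is not a literal; review its source")
```
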

@abdel91, thank you for the contribution. Once reviewed, the PR will be merged.

Hello,
Any news on this? We would love to use the library but are blocked waiting for this fix to go through.