VulnerableCode Package Details - pkg:pypi/dask@2.11.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3nm6-d5m2-5yd1 Aliases: CVE-2021-42343 GHSA-hwqr-f3v9-hwxr GHSA-j8fq-86c5-5v2r GMS-2022-3213 PYSEC-2021-387 PYSEC-2021-871 PYSEC-2021-872	arbitrary code execution	2021.10.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-n6bg-c2sx-13dg Aliases: CVE-2024-10096 GHSA-xqgj-r6xv-9cw4	Withdrawn Advisory: Dask Vulnerable to Command Injection # Withdrawn Advisory This advisory has been withdrawn because it describes [intended functionality](https://distributed.dask.org/en/stable/limitations.html?highlight=host#security). This link is maintained to preserve external references. # Original Description Dask versions <=2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allows attackers to craft malicious objects. These objects can be serialized on the client side and sent to the server for deserialization, leading to remote command execution and potentially granting full control over the Dask server.	2024.9.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3nm6-d5m2-5yd1
Aliases:
CVE-2021-42343
GHSA-hwqr-f3v9-hwxr
GHSA-j8fq-86c5-5v2r
GMS-2022-3213
PYSEC-2021-387
PYSEC-2021-871
PYSEC-2021-872

arbitrary code execution

2021.10.0
Affected by 1 other vulnerability.

VCID-n6bg-c2sx-13dg
Aliases:
CVE-2024-10096
GHSA-xqgj-r6xv-9cw4

Withdrawn Advisory: Dask Vulnerable to Command Injection # Withdrawn Advisory This advisory has been withdrawn because it describes [intended functionality](https://distributed.dask.org/en/stable/limitations.html?highlight=host#security). This link is maintained to preserve external references. # Original Description Dask versions <=2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allows attackers to craft malicious objects. These objects can be serialized on the client side and sent to the server for deserialization, leading to remote command execution and potentially granting full control over the Dask server.

2024.9.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:44:16.409234+00:00	GitLab Importer	Affected by	VCID-n6bg-c2sx-13dg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dask/CVE-2024-10096.yml	38.6.0
2026-06-06T01:04:14.100595+00:00	GitLab Importer	Affected by	VCID-3nm6-d5m2-5yd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/dask/CVE-2021-42343.yml	38.6.0
2026-06-05T17:00:35.912238+00:00	PyPI Importer	Affected by	VCID-3nm6-d5m2-5yd1	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-05T16:35:26.334178+00:00	GHSA Importer	Affected by	VCID-3nm6-d5m2-5yd1	https://github.com/advisories/GHSA-j8fq-86c5-5v2r	38.6.0
2026-06-02T04:14:52.593114+00:00	Pypa Importer	Affected by	VCID-3nm6-d5m2-5yd1	https://github.com/pypa/advisory-database/blob/main/vulns/dask/PYSEC-2021-387.yaml	38.6.0