diff --git a/CVE-2022-21797.patch b/CVE-2022-21797.patch
new file mode 100644
index 0000000..0979b5e
--- /dev/null
+++ b/CVE-2022-21797.patch
@@ -0,0 +1,38 @@
+From b90f10efeb670a2cc877fb88ebb3f2019189e059 Mon Sep 17 00:00:00 2001
+From: Adrin Jalali
+Date: Mon, 5 Sep 2022 15:15:04 +0200
+Subject: [PATCH] FIX make sure pre_dispatch cannot do arbitrary code execution
+ (#1321)
+
+---
+ joblib/parallel.py | 10 ++++++++--
+ 1 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/joblib/parallel.py b/joblib/parallel.py
+index f9c84548d..1c2fe18f7 100644
+--- a/joblib/parallel.py
++++ b/joblib/parallel.py
+@@ -504,7 +504,9 @@ class Parallel(Logger):
+ pre_dispatch: {'all', integer, or expression, as in '3*n_jobs'}
+ The number of batches (of tasks) to be pre-dispatched.
+ Default is '2*n_jobs'. When batch_size="auto" this is reasonable
+- default and the workers should never starve.
++ default and the workers should never starve. Note that only basic
++ arithmetics are allowed here and no modules can be used in this
++ expression.
+ batch_size: int or 'auto', default: 'auto'
+ The number of atomic tasks to dispatch at once to each
+ worker. When individual evaluations are very fast, dispatching
+@@ -1049,7 +1051,11 @@ def _batched_calls_reducer_callback():
+ else:
+ self._original_iterator = iterator
+ if hasattr(pre_dispatch, 'endswith'):
+- pre_dispatch = eval(pre_dispatch)
++ pre_dispatch = eval(
++ pre_dispatch,
++ {"n_jobs": n_jobs, "__builtins__": {}}, # globals
++ {} # locals
++ )
+ self._pre_dispatch_amount = pre_dispatch = int(pre_dispatch)
+
+ # The main thread will consume the first pre_dispatch items and
diff --git a/python-joblib.spec b/python-joblib.spec
index 8485fd0..36a317e 100644
--- a/python-joblib.spec
+++ b/python-joblib.spec
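Review bot: The restricted-globals `eval` in the second inner hunk (`{"n_jobs": n_jobs, "__builtins__": {}}`) narrows what a `pre_dispatch` string can reach, but the string is still handed to `eval` as arbitrary Python syntax; a stricter defensive step for a later revision would be to parse it with `ast.parse(pre_dispatch, mode="eval")` and reject any node other than numeric constants, the name `n_jobs` and arithmetic operators before evaluating. The diffstat `1 files changed, 8 insertions(+), 2 deletions(-)` is not git's own wording and the offsets `@@ -504,7 +504,9 @@` / `@@ -1049,7 +1051,11 @@` come from the upstream tree rather than the packaged 1.0.0, so the patch appears hand-adapted; confirm it applies without fuzz under `%autosetup -p1`, since a context mismatch fails the build rather than silently dropping the fix. The method enclosing the second inner hunk starts and ends outside the hunk, so whether `n_jobs` is bound at that point cannot be checked here.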
@@ -2,11 +2,12 @@
 Name: python-%{pypi_name}
 Version: 1.0.0
-Release: 1
+Release: 2
 Summary: Utilities to provide lightweight pipelining in Python
 License: BSD-licenced (3 clause)
 URL: https://joblib.readthedocs.io/en/latest/
 Source0: https://github.com/joblib/joblib/archive/%{version}.tar.gz#/%{pypi_name}-%{version}.tar.gz
+Patch0: CVE-2022-21797.patch
 BuildArch: noarch
 BuildRequires: python3-devel
 #test requires
@@ -25,7 +26,7 @@ Summary: %{summary}
 %description -n python3-%{pypi_name}
 %{_description}
 %prep
-%autosetup -n %{pypi_name}-%{version}
+%autosetup -p1 -n %{pypi_name}-%{version}
 %build
 %py3_build
@@ -44,6 +45,9 @@ Summary: %{summary}
 %{python3_sitelib}/%{pypi_name}/
 %changelog
+* Wed Sep 28 2022 liangqifeng - 1.0.0-2
+- fix CVE-2022-21797
+
 * Mon Feb 1 2021 wangjie - 1.0.0-1
 - upgrade version to 1.0.0
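Review bot: The changelog entry in the third hunk, `- fix CVE-2022-21797`, does not name the upstream fix it carries, so a reader auditing the package has to open the patch to learn where it came from; the reference is already on the page, so `- fix CVE-2022-21797 (backport of upstream commit b90f10e, joblib PR #1321)` would make the entry self-describing. The `Patch0:` line and the `-p1` added to `%autosetup` are consistent with the `a/`/`b/` prefixes inside the patch file. The changelog entry omits an email address, but that matches the existing `wangjie - 1.0.0-1` entry, so it is presumably the file's convention.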