Cloned2Preserve
/
TrueChartsClone
mirror of https://github.com/truecharts/charts.git
1
0
Fork 0
Code
TrueChartsClone/charts/stable/headphones/security.md

114 lines
79 KiB
Markdown
Raw Normal View History

Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
---
hide:
- toc
---
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 23:17:30 +00:00
# Security Overview
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
## Helm-Chart
##### Scan Results
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
#### Chart Object: headphones/templates/common.yaml
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-headphones&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-headphones&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV013 | Image tag &#39;:latest&#39; used | LOW | <details><summary>Expand...</summary> It is best to avoid using the &#39;:latest&#39; image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. <br> <hr> <br> Container &#39;RELEASE-NAME-headphones&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should specify an image tag </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/configuration/overview/#container-images">https://kubernetes.io/docs/concepts/configuration/overview/#container-images</a><br><a href="https://avd.aquasec.com/appshield/ksv013">https://avd.aquasec.com/appshield/ksv013</a><br></details> |
| Kubernetes Security Check | KSV013 | Image tag &#39;:latest&#39; used | LOW | <details><summary>Expand...</summary> It is best to avoid using the &#39;:latest&#39; image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should specify an image tag </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/configuration/overview/#container-images">https://kubernetes.io/docs/concepts/configuration/overview/#container-images</a><br><a href="https://avd.aquasec.com/appshield/ksv013">https://avd.aquasec.com/appshield/ksv013</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-headphones&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;RELEASE-NAME-headphones&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-headphones&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-headphones&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-headphones&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-headphones&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/headphones:version-58edc604@sha256:f605d077d6d6023e3326421ce02eb81bd962163b68569f8e3953cb5ac2898344
##### Scan Results
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
**alpine**
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| busybox | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42379 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42380 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42381 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42382 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42383 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42384 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42385 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42386 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.33.1-r3 | 1.33.1-r4 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br></details> |
#### Container: Python
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
**python-pkg**
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287</a><br><a href="https://github.com/advisories/GHSA-77gc-v2xv-rvvh">https://github.com/advisories/GHSA-77gc-v2xv-rvvh</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470">https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87">https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25287">https://nvd.nist.gov/vuln/detail/CVE-2021-25287</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
| Pillow | CVE-2021-25288 | CRITICAL | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288</a><br><a href="https://github.com/advisories/GHSA-rwv7-3v45-hg29">https://github.com/advisories/GHSA-rwv7-3v45-hg29</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470">https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25288">https://nvd.nist.gov/vuln/detail/CVE-2021-25288</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
| Pillow | CVE-2021-25289 | CRITICAL | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289</a><br><a href="https://github.com/advisories/GHSA-57h3-9rgr-c24m">https://github.com/advisories/GHSA-57h3-9rgr-c24m</a><br><a href="https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c">https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25289">https://nvd.nist.gov/vuln/detail/CVE-2021-25289</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
| Pillow | CVE-2021-34552 | CRITICAL | 6.2.2 | 8.3.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552</a><br><a href="https://github.com/advisories/GHSA-7534-mm45-c74v">https://github.com/advisories/GHSA-7534-mm45-c74v</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html">https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-34552">https://nvd.nist.gov/vuln/detail/CVE-2021-34552</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br></details> |
| Pillow | CVE-2020-10379 | HIGH | 6.2.2 | 6.2.3, 7.0.1 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379</a><br><a href="https://github.com/advisories/GHSA-8843-m7mw-mxqm">https://github.com/advisories/GHSA-8843-m7mw-mxqm</a><br><a href="https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac">https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging">https://github.com/python-pillow/Pillow/commits/master/src/libImaging</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10379">https://nvd.nist.gov/vuln/detail/CVE-2020-10379</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html">https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
| Pillow | CVE-2020-11538 | HIGH | 6.2.2 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538</a><br><a href="https://github.com/advisories/GHSA-43fq-w8qq-v88h">https://github.com/advisories/GHSA-43fq-w8qq-v88h</a><br><a href="https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security">https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security</a><br><a href="https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d">https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d</a><br><a href="https://github.com/python-pillow/Pillow/pull/4504">https://github.com/python-pillow/Pillow/pull/4504</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://linux.oracle.com/cve/CVE-2020-11538.html">https://linux.oracle.com/cve/CVE-2020-11538.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-3185.html">https://linux.oracle.com/errata/ELSA-2020-3185.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-11538">https://nvd.nist.gov/vuln/detail/CVE-2020-11538</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574</a><br><a href="https://ubuntu.com/security/notices/USN-4430-1">https://ubuntu.com/security/notices/USN-4430-1</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://usn.ubuntu.com/4430-1/">https://usn.ubuntu.com/4430-1/</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
| Pillow | CVE-2020-35653 | HIGH | 6.2.2 | 8.1.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653</a><br><a href="https://github.com/advisories/GHSA-f5g8-5qq7-938w">https://github.com/advisories/GHSA-f5g8-5qq7-938w</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35653">https://nvd.nist.gov/vuln/detail/CVE-2020-35653</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br><a href="https://ubuntu.com/security/notices/USN-4697-1">https://ubuntu.com/security/notices/USN-4697-1</a><br><a href="https://ubuntu.com/security/notices/USN-4697-2">https://ubuntu.com/security/notices/USN-4697-2</a><br></details> |
| Pillow | CVE-2020-35654 | HIGH | 6.2.2 | 8.1.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654</a><br><a href="https://github.com/advisories/GHSA-vqcj-wrf2-7v73">https://github.com/advisories/GHSA-vqcj-wrf2-7v73</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35654">https://nvd.nist.gov/vuln/detail/CVE-2020-35654</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br><a href="https://ubuntu.com/security/notices/USN-4697-1">https://ubuntu.com/security/notices/USN-4697-1</a><br></details> |
| Pillow | CVE-2021-23437 | HIGH | 6.2.2 | 8.3.2 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437</a><br><a href="https://github.com/advisories/GHSA-98vv-pw6r-q6q4">https://github.com/advisories/GHSA-98vv-pw6r-q6q4</a><br><a href="https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b">https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23437">https://nvd.nist.gov/vuln/detail/CVE-2021-23437</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443</a><br></details> |
| Pillow | CVE-2021-25290 | HIGH | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290</a><br><a href="https://github.com/advisories/GHSA-8xjq-8fcg-g5hw">https://github.com/advisories/GHSA-8xjq-8fcg-g5hw</a><br><a href="https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa">https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html">https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25290">https://nvd.nist.gov/vuln/detail/CVE-2021-25290</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
| Pillow | CVE-2021-25291 | HIGH | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291</a><br><a href="https://github.com/advisories/GHSA-mvg9-xffr-p774">https://github.com/advisories/GHSA-mvg9-xffr-p774</a><br><a href="https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a">https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25291">https://nvd.nist.gov/vuln/detail/CVE-2021-25291</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
| Pillow | CVE-2021-25293 | HIGH | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293</a><br><a href="https://github.com/advisories/GHSA-p43w-g3c5-g5mq">https://github.com/advisories/GHSA-p43w-g3c5-g5mq</a><br><a href="https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9">https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25293">https://nvd.nist.gov/vuln/detail/CVE-2021-25293</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
| Pillow | CVE-2021-27921 | HIGH | 6.2.2 | 8.1.2 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921</a><br><a href="https://github.com/advisories/GHSA-f4w8-cv6p-x6r5">https://github.com/advisories/GHSA-f4w8-cv6p-x6r5</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27921">https://nvd.nist.gov/vuln/detail/CVE-2021-27921</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
| Pillow | CVE-2021-27922 | HIGH | 6.2.2 | 8.1.2 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922</a><br><a href="https://github.com/advisories/GHSA-3wvg-mj6g-m9cv">https://github.com/advisories/GHSA-3wvg-mj6g-m9cv</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27922">https://nvd.nist.gov/vuln/detail/CVE-2021-27922</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
| Pillow | CVE-2021-27923 | HIGH | 6.2.2 | 8.1.2 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923</a><br><a href="https://github.com/advisories/GHSA-95q3-8gr9-gm8w">https://github.com/advisories/GHSA-95q3-8gr9-gm8w</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27923">https://nvd.nist.gov/vuln/detail/CVE-2021-27923</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
| Pillow | CVE-2021-28676 | HIGH | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676</a><br><a href="https://github.com/advisories/GHSA-7r7m-5h27-29hp">https://github.com/advisories/GHSA-7r7m-5h27-29hp</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377">https://github.com/python-pillow/Pillow/pull/5377</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html">https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28676">https://nvd.nist.gov/vuln/detail/CVE-2021-28676</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
| Pillow | CVE-2021-28677 | HIGH | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677</a><br><a href="https://github.com/advisories/GHSA-q5hq-fp76-qmrc">https://github.com/advisories/GHSA-q5hq-fp76-qmrc</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377">https://github.com/python-pillow/Pillow/pull/5377</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html">https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28677">https://nvd.nist.gov/vuln/detail/CVE-2021-28677</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
| Pillow | CVE-2020-10177 | MEDIUM | 6.2.2 | 7.1.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177</a><br><a href="https://github.com/advisories/GHSA-cqhg-xjhh-p8hf">https://github.com/advisories/GHSA-cqhg-xjhh-p8hf</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging">https://github.com/python-pillow/Pillow/commits/master/src/libImaging</a><br><a href="https://github.com/python-pillow/Pillow/pull/4503">https://github.com/python-pillow/Pillow/pull/4503</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html">https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10177">https://nvd.nist.gov/vuln/detail/CVE-2020-10177</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html">https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573</a><br><a href="https://ubuntu.com/security/notices/USN-4430-1">https://ubuntu.com/security/notices/USN-4430-1</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://ubuntu.com/security/notices/USN-4697-2">https://ubuntu.com/security/notices/USN-4697-2</a><br><a href="https://usn.ubuntu.com/4430-1/">https://usn.ubuntu.com/4430-1/</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
| Pillow | CVE-2020-10378 | MEDIUM | 6.2.2 | 6.2.3, 7.0.1 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378</a><br><a href="https://github.com/advisories/GHSA-3xv8-3j54-hgrp">https://github.com/advisories/GHSA-3xv8-3j54-hgrp</a><br><a href="https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml">https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml</a><br><a href="https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac">https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging">https://github.com/python-pillow/Pillow/commits/master/src/libImaging</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10378">https://nvd.nist.gov/vuln/detail/CVE-2020-10378</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html">https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://ubuntu.com/security/notices/USN-4430-1">https://ubuntu.com/security/notices/USN-4430-1</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://usn.ubuntu.com/4430-1/">https://usn.ubuntu.com/4430-1/</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
| Pillow | CVE-2020-10994 | MEDIUM | 6.2.2 | 7.0.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994</a><br><a href="https://github.com/advisories/GHSA-vj42-xq3r-hr3r">https://github.com/advisories/GHSA-vj42-xq3r-hr3r</a><br><a href="https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security">https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security</a><br><a href="https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4">https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging/">https://github.com/python-pillow/Pillow/commits/master/src/libImaging/</a><br><a href="https://github.com/python-pillow/Pillow/pull/4505">https://github.com/python-pillow/Pillow/pull/4505</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10994">https://nvd.nist.gov/vuln/detail/CVE-2020-10994</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/">https://pillow.readthedocs.io/en/stable/releasenotes/</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575</a><br><a href="https://ubuntu.com/security/notices/USN-4430-1">https://ubuntu.com/security/notices/USN-4430-1</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://usn.ubuntu.com/4430-1/">https://usn.ubuntu.com/4430-1/</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
| Pillow | CVE-2020-15999 | MEDIUM | 6.2.2 | 8.0.1 | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html">http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html</a><br><a href="http://seclists.org/fulldisclosure/2020/Nov/33">http://seclists.org/fulldisclosure/2020/Nov/33</a><br><a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=2103">https://bugs.chromium.org/p/project-zero/issues/detail?id=2103</a><br><a href="https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html">https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html</a><br><a href="https://crbug.com/1139963">https://crbug.com/1139963</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999</a><br><a href="https://github.com/advisories/GHSA-pv36-h7jh-qm62">https://github.com/advisories/GHSA-pv36-h7jh-qm62</a><br><a href="https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62">https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62</a><br><a href="https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html">https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html</a><br><a href="https://linux.oracle.com/cve/CVE-2020-15999.html">https://linux.oracle.com/cve/CVE-2020-15999.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-4952.html">https://linux.oracle.com/errata/ELSA-2020-4952.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-15999">https://nvd.nist.gov/vuln/detail/CVE-2020-15999</a><br><a href="https://security.gentoo.org/glsa/202011-12">https://security.gentoo.org/glsa/202011-12</a><br><a href="https://security.gentoo.org/glsa/202012-04">https://security.gentoo.org/glsa/202012-04</a><br><a href="https://ubuntu.com/security/notices/USN-4593-1">https://ubuntu.com/security/notices/USN-4593-1</a><br><a href="https://ubuntu.com/security/notices/USN-4593-2">https://ubuntu.com/security/notices/USN-4593-2</a><br><a href="https://www.debian.org/security/2021/dsa-4824">https://www.debian.org/security/2021/dsa-4824</a><br><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-15999">https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-15999</a><br><a href="https://www.nuget.org/packages/CefSharp.Common/">https://www.nuget.org/packages/CefSharp.Common/</a><br><a href="https://www.nuget.org/packages/CefSharp.WinForms">https://www.nuget.org/packages/CefSharp.WinForms</a><br><a href="https://www.nuget.org/packages/CefSharp.Wpf">https://www.nuget.org/packages/CefSharp.Wpf</a><br><a href="https://www.nuget.org/packages/CefSharp.Wpf.HwndHost">https://www.nuget.org/packages/CefSharp.Wpf.HwndHost</a><br></details> |
| Pillow | CVE-2020-35655 | MEDIUM | 6.2.2 | 8.1.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655</a><br><a href="https://github.com/advisories/GHSA-hf64-x4gq-p99h">https://github.com/advisories/GHSA-hf64-x4gq-p99h</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35655">https://nvd.nist.gov/vuln/detail/CVE-2020-35655</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br><a href="https://ubuntu.com/security/notices/USN-4697-1">https://ubuntu.com/security/notices/USN-4697-1</a><br></details> |
| Pillow | CVE-2021-25292 | MEDIUM | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292</a><br><a href="https://github.com/advisories/GHSA-9hx2-hgq2-2g4f">https://github.com/advisories/GHSA-9hx2-hgq2-2g4f</a><br><a href="https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c">https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c</a><br><a href="https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4">https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25292">https://nvd.nist.gov/vuln/detail/CVE-2021-25292</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
| Pillow | CVE-2021-28675 | MEDIUM | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675</a><br><a href="https://github.com/advisories/GHSA-g6rj-rv7j-xwp4">https://github.com/advisories/GHSA-g6rj-rv7j-xwp4</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497">https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28675">https://nvd.nist.gov/vuln/detail/CVE-2021-28675</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
| Pillow | CVE-2021-28678 | MEDIUM | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678</a><br><a href="https://github.com/advisories/GHSA-hjfx-8p6c-g7gx">https://github.com/advisories/GHSA-hjfx-8p6c-g7gx</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377">https://github.com/python-pillow/Pillow/pull/5377</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1">https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28678">https://nvd.nist.gov/vuln/detail/CVE-2021-28678</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
| Pillow | GHSA-jgpv-4h4c-xhw3 | MEDIUM | 6.2.2 | 8.1.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-jgpv-4h4c-xhw3">https://github.com/advisories/GHSA-jgpv-4h4c-xhw3</a><br><a href="https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3">https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3</a><br></details> |
| pip | CVE-2021-28363 | MEDIUM | 20.3.4 | 21.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-5phf-pp7p-vc2r">https://github.com/advisories/GHSA-5phf-pp7p-vc2r</a><br><a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15">https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#1264-2021-03-15</a><br><a href="https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0">https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0</a><br><a href="https://github.com/urllib3/urllib3/commits/main">https://github.com/urllib3/urllib3/commits/main</a><br><a href="https://github.com/urllib3/urllib3/releases/tag/1.26.4">https://github.com/urllib3/urllib3/releases/tag/1.26.4</a><br><a href="https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r">https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28363">https://nvd.nist.gov/vuln/detail/CVE-2021-28363</a><br><a href="https://pypi.org/project/urllib3/1.26.4/">https://pypi.org/project/urllib3/1.26.4/</a><br><a href="https://security.gentoo.org/glsa/202107-36">https://security.gentoo.org/glsa/202107-36</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| pip | CVE-2021-3572 | MEDIUM | 20.3.4 | 21.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/errata/RHSA-2021:3254">https://access.redhat.com/errata/RHSA-2021:3254</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1962856">https://bugzilla.redhat.com/show_bug.cgi?id=1962856</a><br><a href="https://github.com/advisories/GHSA-5xp3-jfq3-5q8x">https://github.com/advisories/GHSA-5xp3-jfq3-5q8x</a><br><a href="https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b">https://github.com/pypa/pip/commit/e46bdda9711392fec0c45c1175bae6db847cb30b</a><br><a href="https://github.com/pypa/pip/pull/9827">https://github.com/pypa/pip/pull/9827</a><br><a href="https://linux.oracle.com/cve/CVE-2021-3572.html">https://linux.oracle.com/cve/CVE-2021-3572.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4455.html">https://linux.oracle.com/errata/ELSA-2021-4455.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3572">https://nvd.nist.gov/vuln/detail/CVE-2021-3572</a><br><a href="https://packetstormsecurity.com/files/162712/USN-4961-1.txt">https://packetstormsecurity.com/files/162712/USN-4961-1.txt</a><br></details> |
| pip | pyup.io-42218 | UNKNOWN | 20.3.4 | 21.1 | <details><summary>Expand...</summary></details> |