117 lines
78 KiB
Markdown
117 lines
78 KiB
Markdown
---
|
||
hide:
|
||
- toc
|
||
---
|
||
|
||
# Security Overview
|
||
|
||
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
|
||
|
||
## Helm-Chart
|
||
|
||
##### Scan Results
|
||
|
||
#### Chart Object: pyload/templates/common.yaml
|
||
|
||
|
||
|
||
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|
||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-pyload' of Deployment 'RELEASE-NAME-pyload' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'resources.limits.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
|
||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'RELEASE-NAME-pyload' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'resources.requests.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
|
||
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'resources.requests.memory' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
|
||
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.privileged' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
|
||
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'resources.limits.memory' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
|
||
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'RELEASE-NAME-pyload' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsUser' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
|
||
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsUser' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
|
||
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsUser' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
|
||
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'RELEASE-NAME-pyload' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsGroup' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
|
||
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsGroup' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
|
||
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. <br> <hr> <br> Container 'hostpatch' of Deployment 'RELEASE-NAME-pyload' should set 'securityContext.runAsGroup' > 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
|
||
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | <details><summary>Expand...</summary> HostPath volumes must be forbidden. <br> <hr> <br> Deployment 'RELEASE-NAME-pyload' should not set 'spec.template.volumes.hostPath' </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv023">https://avd.aquasec.com/appshield/ksv023</a><br></details> |
|
||
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment 'RELEASE-NAME-pyload' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
|
||
|
||
## Containers
|
||
|
||
##### Detected Containers
|
||
|
||
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
|
||
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
|
||
tccr.io/truecharts/pyload:version-5de90278@sha256:c33489498cb4541bbf936b1ebd1eaebfb0cae279f738aa0e6184969089e94081
|
||
|
||
##### Scan Results
|
||
|
||
|
||
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
|
||
|
||
|
||
**alpine**
|
||
|
||
|
||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||
|
||
|
||
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
|
||
|
||
|
||
**alpine**
|
||
|
||
|
||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
|
||
|
||
|
||
#### Container: Python
|
||
|
||
|
||
**python-pkg**
|
||
|
||
|
||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||
| Pillow | CVE-2021-25287 | CRITICAL | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25287">https://access.redhat.com/security/cve/CVE-2021-25287</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287</a><br><a href="https://github.com/advisories/GHSA-77gc-v2xv-rvvh">https://github.com/advisories/GHSA-77gc-v2xv-rvvh</a><br><a href="https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87">https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470">https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87">https://github.com/python-pillow/Pillow/pull/5377/commits/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25287">https://nvd.nist.gov/vuln/detail/CVE-2021-25287</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
|
||
| Pillow | CVE-2021-25288 | CRITICAL | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25288">https://access.redhat.com/security/cve/CVE-2021-25288</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288</a><br><a href="https://github.com/advisories/GHSA-rwv7-3v45-hg29">https://github.com/advisories/GHSA-rwv7-3v45-hg29</a><br><a href="https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87">https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470">https://github.com/python-pillow/Pillow/pull/5377#issuecomment-833821470</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25288">https://nvd.nist.gov/vuln/detail/CVE-2021-25288</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
|
||
| Pillow | CVE-2021-25289 | CRITICAL | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25289">https://access.redhat.com/security/cve/CVE-2021-25289</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25289</a><br><a href="https://github.com/advisories/GHSA-57h3-9rgr-c24m">https://github.com/advisories/GHSA-57h3-9rgr-c24m</a><br><a href="https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c">https://github.com/python-pillow/Pillow/commit/3fee28eb9479bf7d59e0fa08068f9cc4a6e2f04c</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25289">https://nvd.nist.gov/vuln/detail/CVE-2021-25289</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
|
||
| Pillow | CVE-2021-34552 | CRITICAL | 6.2.2 | 8.3.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34552.json</a><br><a href="https://access.redhat.com/security/cve/CVE-2021-34552">https://access.redhat.com/security/cve/CVE-2021-34552</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34552</a><br><a href="https://github.com/advisories/GHSA-7534-mm45-c74v">https://github.com/advisories/GHSA-7534-mm45-c74v</a><br><a href="https://github.com/python-pillow/Pillow/pull/5567">https://github.com/python-pillow/Pillow/pull/5567</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html">https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-34552">https://nvd.nist.gov/vuln/detail/CVE-2021-34552</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br><a href="https://ubuntu.com/security/notices/USN-5227-1">https://ubuntu.com/security/notices/USN-5227-1</a><br><a href="https://ubuntu.com/security/notices/USN-5227-2">https://ubuntu.com/security/notices/USN-5227-2</a><br></details> |
|
||
| Pillow | CVE-2022-22815 | CRITICAL | 6.2.2 | 9.0.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22815">https://access.redhat.com/security/cve/CVE-2022-22815</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815</a><br><a href="https://github.com/advisories/GHSA-pw3c-h7wp-cvhx">https://github.com/advisories/GHSA-pw3c-h7wp-cvhx</a><br><a href="https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331">https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331</a><br><a href="https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c">https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html">https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22815">https://nvd.nist.gov/vuln/detail/CVE-2022-22815</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling">https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling</a><br><a href="https://ubuntu.com/security/notices/USN-5227-1">https://ubuntu.com/security/notices/USN-5227-1</a><br><a href="https://ubuntu.com/security/notices/USN-5227-2">https://ubuntu.com/security/notices/USN-5227-2</a><br><a href="https://www.debian.org/security/2022/dsa-5053">https://www.debian.org/security/2022/dsa-5053</a><br></details> |
|
||
| Pillow | CVE-2022-22817 | CRITICAL | 6.2.2 | 9.0.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22817">https://access.redhat.com/security/cve/CVE-2022-22817</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817</a><br><a href="https://github.com/advisories/GHSA-8vj2-vxx3-667w">https://github.com/advisories/GHSA-8vj2-vxx3-667w</a><br><a href="https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11">https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11</a><br><a href="https://linux.oracle.com/cve/CVE-2022-22817.html">https://linux.oracle.com/cve/CVE-2022-22817.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0643.html">https://linux.oracle.com/errata/ELSA-2022-0643.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html">https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22817">https://nvd.nist.gov/vuln/detail/CVE-2022-22817</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling">https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval">https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security</a><br><a href="https://ubuntu.com/security/notices/USN-5227-1">https://ubuntu.com/security/notices/USN-5227-1</a><br><a href="https://ubuntu.com/security/notices/USN-5227-2">https://ubuntu.com/security/notices/USN-5227-2</a><br><a href="https://www.debian.org/security/2022/dsa-5053">https://www.debian.org/security/2022/dsa-5053</a><br></details> |
|
||
| Pillow | CVE-2020-10379 | HIGH | 6.2.2 | 7.1.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-10379">https://access.redhat.com/security/cve/CVE-2020-10379</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10379</a><br><a href="https://github.com/advisories/GHSA-8843-m7mw-mxqm">https://github.com/advisories/GHSA-8843-m7mw-mxqm</a><br><a href="https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac">https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging">https://github.com/python-pillow/Pillow/commits/master/src/libImaging</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10379">https://nvd.nist.gov/vuln/detail/CVE-2020-10379</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html">https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574577</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
|
||
| Pillow | CVE-2020-11538 | HIGH | 6.2.2 | 7.1.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-11538">https://access.redhat.com/security/cve/CVE-2020-11538</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11538</a><br><a href="https://github.com/advisories/GHSA-43fq-w8qq-v88h">https://github.com/advisories/GHSA-43fq-w8qq-v88h</a><br><a href="https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security">https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security</a><br><a href="https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d">https://github.com/python-pillow/Pillow/commit/2ef59fdbaeb756bc512ab3f2ad15ac45665b303d</a><br><a href="https://github.com/python-pillow/Pillow/pull/4504">https://github.com/python-pillow/Pillow/pull/4504</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://linux.oracle.com/cve/CVE-2020-11538.html">https://linux.oracle.com/cve/CVE-2020-11538.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-3185.html">https://linux.oracle.com/errata/ELSA-2020-3185.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-11538">https://nvd.nist.gov/vuln/detail/CVE-2020-11538</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574574</a><br><a href="https://ubuntu.com/security/notices/USN-4430-1">https://ubuntu.com/security/notices/USN-4430-1</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://usn.ubuntu.com/4430-1/">https://usn.ubuntu.com/4430-1/</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
|
||
| Pillow | CVE-2020-35653 | HIGH | 6.2.2 | 8.1.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-35653">https://access.redhat.com/security/cve/CVE-2020-35653</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653</a><br><a href="https://github.com/advisories/GHSA-f5g8-5qq7-938w">https://github.com/advisories/GHSA-f5g8-5qq7-938w</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35653">https://nvd.nist.gov/vuln/detail/CVE-2020-35653</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br><a href="https://ubuntu.com/security/notices/USN-4697-1">https://ubuntu.com/security/notices/USN-4697-1</a><br><a href="https://ubuntu.com/security/notices/USN-4697-2">https://ubuntu.com/security/notices/USN-4697-2</a><br></details> |
|
||
| Pillow | CVE-2020-35654 | HIGH | 6.2.2 | 8.1.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-35654">https://access.redhat.com/security/cve/CVE-2020-35654</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654</a><br><a href="https://github.com/advisories/GHSA-vqcj-wrf2-7v73">https://github.com/advisories/GHSA-vqcj-wrf2-7v73</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35654">https://nvd.nist.gov/vuln/detail/CVE-2020-35654</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br><a href="https://ubuntu.com/security/notices/USN-4697-1">https://ubuntu.com/security/notices/USN-4697-1</a><br></details> |
|
||
| Pillow | CVE-2021-23437 | HIGH | 6.2.2 | 8.3.2 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-23437">https://access.redhat.com/security/cve/CVE-2021-23437</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437</a><br><a href="https://github.com/advisories/GHSA-98vv-pw6r-q6q4">https://github.com/advisories/GHSA-98vv-pw6r-q6q4</a><br><a href="https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b">https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23437">https://nvd.nist.gov/vuln/detail/CVE-2021-23437</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443</a><br><a href="https://ubuntu.com/security/notices/USN-5227-1">https://ubuntu.com/security/notices/USN-5227-1</a><br><a href="https://ubuntu.com/security/notices/USN-5227-2">https://ubuntu.com/security/notices/USN-5227-2</a><br></details> |
|
||
| Pillow | CVE-2021-25290 | HIGH | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25290">https://access.redhat.com/security/cve/CVE-2021-25290</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25290</a><br><a href="https://github.com/advisories/GHSA-8xjq-8fcg-g5hw">https://github.com/advisories/GHSA-8xjq-8fcg-g5hw</a><br><a href="https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa">https://github.com/python-pillow/Pillow/commit/86f02f7c70862a0954bfe8133736d352db978eaa</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html">https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25290">https://nvd.nist.gov/vuln/detail/CVE-2021-25290</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
|
||
| Pillow | CVE-2021-25291 | HIGH | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25291">https://access.redhat.com/security/cve/CVE-2021-25291</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25291</a><br><a href="https://github.com/advisories/GHSA-mvg9-xffr-p774">https://github.com/advisories/GHSA-mvg9-xffr-p774</a><br><a href="https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a">https://github.com/python-pillow/Pillow/commit/cbdce6c5d054fccaf4af34b47f212355c64ace7a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25291">https://nvd.nist.gov/vuln/detail/CVE-2021-25291</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
|
||
| Pillow | CVE-2021-25293 | HIGH | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25293">https://access.redhat.com/security/cve/CVE-2021-25293</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25293</a><br><a href="https://github.com/advisories/GHSA-p43w-g3c5-g5mq">https://github.com/advisories/GHSA-p43w-g3c5-g5mq</a><br><a href="https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9">https://github.com/python-pillow/Pillow/commit/4853e522bddbec66022c0915b9a56255d0188bf9</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25293">https://nvd.nist.gov/vuln/detail/CVE-2021-25293</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
|
||
| Pillow | CVE-2021-27921 | HIGH | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-27921">https://access.redhat.com/security/cve/CVE-2021-27921</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27921</a><br><a href="https://github.com/advisories/GHSA-f4w8-cv6p-x6r5">https://github.com/advisories/GHSA-f4w8-cv6p-x6r5</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27921">https://nvd.nist.gov/vuln/detail/CVE-2021-27921</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
|
||
| Pillow | CVE-2021-27922 | HIGH | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-27922">https://access.redhat.com/security/cve/CVE-2021-27922</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27922</a><br><a href="https://github.com/advisories/GHSA-3wvg-mj6g-m9cv">https://github.com/advisories/GHSA-3wvg-mj6g-m9cv</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27922">https://nvd.nist.gov/vuln/detail/CVE-2021-27922</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
|
||
| Pillow | CVE-2021-27923 | HIGH | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-27923">https://access.redhat.com/security/cve/CVE-2021-27923</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27923</a><br><a href="https://github.com/advisories/GHSA-95q3-8gr9-gm8w">https://github.com/advisories/GHSA-95q3-8gr9-gm8w</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G44Z33J4BNI2DPDROHWGVG2U7ZH5JU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQQY6472RX4J2SUJENWDZAWKTJJGP2ML/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTSY25UJU7NJUFHH3HWT575LT4TDFWBZ/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27923">https://nvd.nist.gov/vuln/detail/CVE-2021-27923</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
|
||
| Pillow | CVE-2021-28676 | HIGH | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-28676">https://access.redhat.com/security/cve/CVE-2021-28676</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676</a><br><a href="https://github.com/advisories/GHSA-7r7m-5h27-29hp">https://github.com/advisories/GHSA-7r7m-5h27-29hp</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377">https://github.com/python-pillow/Pillow/pull/5377</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html">https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28676">https://nvd.nist.gov/vuln/detail/CVE-2021-28676</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#security</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
|
||
| Pillow | CVE-2021-28677 | HIGH | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-28677">https://access.redhat.com/security/cve/CVE-2021-28677</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677</a><br><a href="https://github.com/advisories/GHSA-q5hq-fp76-qmrc">https://github.com/advisories/GHSA-q5hq-fp76-qmrc</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377">https://github.com/python-pillow/Pillow/pull/5377</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html">https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28677">https://nvd.nist.gov/vuln/detail/CVE-2021-28677</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
|
||
| Pillow | CVE-2020-10177 | MEDIUM | 6.2.2 | 7.1.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-10177">https://access.redhat.com/security/cve/CVE-2020-10177</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177</a><br><a href="https://github.com/advisories/GHSA-cqhg-xjhh-p8hf">https://github.com/advisories/GHSA-cqhg-xjhh-p8hf</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging">https://github.com/python-pillow/Pillow/commits/master/src/libImaging</a><br><a href="https://github.com/python-pillow/Pillow/pull/4503">https://github.com/python-pillow/Pillow/pull/4503</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html">https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10177">https://nvd.nist.gov/vuln/detail/CVE-2020-10177</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html">https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574573</a><br><a href="https://ubuntu.com/security/notices/USN-4430-1">https://ubuntu.com/security/notices/USN-4430-1</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://ubuntu.com/security/notices/USN-4697-2">https://ubuntu.com/security/notices/USN-4697-2</a><br><a href="https://usn.ubuntu.com/4430-1/">https://usn.ubuntu.com/4430-1/</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
|
||
| Pillow | CVE-2020-10378 | MEDIUM | 6.2.2 | 7.1.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-10378">https://access.redhat.com/security/cve/CVE-2020-10378</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10378</a><br><a href="https://github.com/advisories/GHSA-3xv8-3j54-hgrp">https://github.com/advisories/GHSA-3xv8-3j54-hgrp</a><br><a href="https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml">https://github.com/pypa/advisory-db/blob/7872b0a91b4d980f749e6d75a81f8cc1af32829f/vulns/pillow/PYSEC-2020-77.yaml</a><br><a href="https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac">https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging">https://github.com/python-pillow/Pillow/commits/master/src/libImaging</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10378">https://nvd.nist.gov/vuln/detail/CVE-2020-10378</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html">https://pillow.readthedocs.io/en/stable/releasenotes/6.2.3.html</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://ubuntu.com/security/notices/USN-4430-1">https://ubuntu.com/security/notices/USN-4430-1</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://usn.ubuntu.com/4430-1/">https://usn.ubuntu.com/4430-1/</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
|
||
| Pillow | CVE-2020-10994 | MEDIUM | 6.2.2 | 7.0.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-10994">https://access.redhat.com/security/cve/CVE-2020-10994</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10994</a><br><a href="https://github.com/advisories/GHSA-vj42-xq3r-hr3r">https://github.com/advisories/GHSA-vj42-xq3r-hr3r</a><br><a href="https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security">https://github.com/python-pillow/Pillow/blob/master/docs/releasenotes/7.1.0.rst#security</a><br><a href="https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4">https://github.com/python-pillow/Pillow/commit/ff60894d697d1992147b791101ad53a8bf1352e4</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging/">https://github.com/python-pillow/Pillow/commits/master/src/libImaging/</a><br><a href="https://github.com/python-pillow/Pillow/pull/4505">https://github.com/python-pillow/Pillow/pull/4505</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-10994">https://nvd.nist.gov/vuln/detail/CVE-2020-10994</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/">https://pillow.readthedocs.io/en/stable/releasenotes/</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-574575</a><br><a href="https://ubuntu.com/security/notices/USN-4430-1">https://ubuntu.com/security/notices/USN-4430-1</a><br><a href="https://ubuntu.com/security/notices/USN-4430-2">https://ubuntu.com/security/notices/USN-4430-2</a><br><a href="https://usn.ubuntu.com/4430-1/">https://usn.ubuntu.com/4430-1/</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
|
||
| Pillow | CVE-2020-35655 | MEDIUM | 6.2.2 | 8.1.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-35655">https://access.redhat.com/security/cve/CVE-2020-35655</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655</a><br><a href="https://github.com/advisories/GHSA-hf64-x4gq-p99h">https://github.com/advisories/GHSA-hf64-x4gq-p99h</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BYVI5G44MRIPERKYDQEL3S3YQCZTVHE/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF553AMNNNBW7SH4IM4MNE4M6GNZQ7YD/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35655">https://nvd.nist.gov/vuln/detail/CVE-2020-35655</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/index.html">https://pillow.readthedocs.io/en/stable/releasenotes/index.html</a><br><a href="https://ubuntu.com/security/notices/USN-4697-1">https://ubuntu.com/security/notices/USN-4697-1</a><br></details> |
|
||
| Pillow | CVE-2021-25292 | MEDIUM | 6.2.2 | 8.1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-25292">https://access.redhat.com/security/cve/CVE-2021-25292</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25292</a><br><a href="https://github.com/advisories/GHSA-9hx2-hgq2-2g4f">https://github.com/advisories/GHSA-9hx2-hgq2-2g4f</a><br><a href="https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c">https://github.com/python-pillow/Pillow/commit/3bce145966374dd39ce58a6fc0083f8d1890719c</a><br><a href="https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4">https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-25292">https://nvd.nist.gov/vuln/detail/CVE-2021-25292</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4763-1">https://ubuntu.com/security/notices/USN-4763-1</a><br></details> |
|
||
| Pillow | CVE-2021-28675 | MEDIUM | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-28675">https://access.redhat.com/security/cve/CVE-2021-28675</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675</a><br><a href="https://github.com/advisories/GHSA-g6rj-rv7j-xwp4">https://github.com/advisories/GHSA-g6rj-rv7j-xwp4</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497">https://github.com/python-pillow/Pillow/pull/5377/commits/22e9bee4ef225c0edbb9323f94c26cee0c623497</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28675">https://nvd.nist.gov/vuln/detail/CVE-2021-28675</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
|
||
| Pillow | CVE-2021-28678 | MEDIUM | 6.2.2 | 8.2.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-28678">https://access.redhat.com/security/cve/CVE-2021-28678</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678</a><br><a href="https://github.com/advisories/GHSA-hjfx-8p6c-g7gx">https://github.com/advisories/GHSA-hjfx-8p6c-g7gx</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377">https://github.com/python-pillow/Pillow/pull/5377</a><br><a href="https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1">https://github.com/python-pillow/Pillow/pull/5377/commits/496245aa4365d0827390bd0b6fbd11287453b3a1</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28678">https://nvd.nist.gov/vuln/detail/CVE-2021-28678</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos</a><br><a href="https://security.gentoo.org/glsa/202107-33">https://security.gentoo.org/glsa/202107-33</a><br><a href="https://ubuntu.com/security/notices/USN-4963-1">https://ubuntu.com/security/notices/USN-4963-1</a><br></details> |
|
||
| Pillow | CVE-2022-22816 | MEDIUM | 6.2.2 | 9.0.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22816">https://access.redhat.com/security/cve/CVE-2022-22816</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816</a><br><a href="https://github.com/advisories/GHSA-xrcv-f9gm-v42c">https://github.com/advisories/GHSA-xrcv-f9gm-v42c</a><br><a href="https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331">https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331</a><br><a href="https://linux.oracle.com/cve/CVE-2022-22816.html">https://linux.oracle.com/cve/CVE-2022-22816.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0643.html">https://linux.oracle.com/errata/ELSA-2022-0643.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html">https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22816">https://nvd.nist.gov/vuln/detail/CVE-2022-22816</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling">https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling</a><br><a href="https://ubuntu.com/security/notices/USN-5227-1">https://ubuntu.com/security/notices/USN-5227-1</a><br><a href="https://ubuntu.com/security/notices/USN-5227-2">https://ubuntu.com/security/notices/USN-5227-2</a><br><a href="https://www.debian.org/security/2022/dsa-5053">https://www.debian.org/security/2022/dsa-5053</a><br></details> |
|
||
| Pillow | CVE-2022-24303 | MEDIUM | 6.2.2 | 9.0.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-24303">https://access.redhat.com/security/cve/CVE-2022-24303</a><br><a href="https://github.com/advisories/GHSA-9j59-75qj-795w">https://github.com/advisories/GHSA-9j59-75qj-795w</a><br><a href="https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26">https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26</a><br><a href="https://github.com/python-pillow/Pillow/pull/3450">https://github.com/python-pillow/Pillow/pull/3450</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-24303">https://nvd.nist.gov/vuln/detail/CVE-2022-24303</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security">https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security</a><br></details> |
|
||
| Pillow | GHSA-jgpv-4h4c-xhw3 | MEDIUM | 6.2.2 | 8.1.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-jgpv-4h4c-xhw3">https://github.com/advisories/GHSA-jgpv-4h4c-xhw3</a><br><a href="https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3">https://github.com/calix2/pyVulApp/security/advisories/GHSA-jgpv-4h4c-xhw3</a><br></details> |
|
||
| Pillow | GHSA-4fx9-vc88-q2xc | LOW | 6.2.2 | 9.0.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-4fx9-vc88-q2xc">https://github.com/advisories/GHSA-4fx9-vc88-q2xc</a><br><a href="https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd">https://github.com/python-pillow/Pillow/commit/baae9ec4b67c68e3adaf1208cf54e8de5e38a6fd</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file">https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#ensure-jpegimageplugin-stops-at-the-end-of-a-truncated-file</a><br></details> |
|
||
| Pillow | PYSEC-2020-77 | UNKNOWN | 6.2.2 | 7.1.0 | <details><summary>Expand...</summary><a href="https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac">https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging">https://github.com/python-pillow/Pillow/commits/master/src/libImaging</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://usn.ubuntu.com/4430-1/">https://usn.ubuntu.com/4430-1/</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
|
||
| Pillow | PYSEC-2020-78 | UNKNOWN | 6.2.2 | 7.1.0 | <details><summary>Expand...</summary><a href="https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac">https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac</a><br><a href="https://github.com/python-pillow/Pillow/commits/master/src/libImaging">https://github.com/python-pillow/Pillow/commits/master/src/libImaging</a><br><a href="https://github.com/python-pillow/Pillow/pull/4538">https://github.com/python-pillow/Pillow/pull/4538</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEBCPE4F2VHTIT6EZA2YZQZLPVDEBJGD/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOKHNWV2VS5GESY7IBD237E7C6T3I427/</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/7.1.0.html</a><br><a href="https://usn.ubuntu.com/4430-2/">https://usn.ubuntu.com/4430-2/</a><br></details> |
|
||
| pycrypto | CVE-2013-7459 | CRITICAL | 2.6.1 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2016/12/27/8">http://www.openwall.com/lists/oss-security/2016/12/27/8</a><br><a href="http://www.securityfocus.com/bid/95122">http://www.securityfocus.com/bid/95122</a><br><a href="https://access.redhat.com/security/cve/CVE-2013-7459">https://access.redhat.com/security/cve/CVE-2013-7459</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1409754">https://bugzilla.redhat.com/show_bug.cgi?id=1409754</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7459</a><br><a href="https://github.com/advisories/GHSA-cq27-v7xp-c356">https://github.com/advisories/GHSA-cq27-v7xp-c356</a><br><a href="https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4">https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4</a><br><a href="https://github.com/dlitz/pycrypto/issues/176">https://github.com/dlitz/pycrypto/issues/176</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2013-7459">https://nvd.nist.gov/vuln/detail/CVE-2013-7459</a><br><a href="https://pony7.fr/ctf:public:32c3:cryptmsg">https://pony7.fr/ctf:public:32c3:cryptmsg</a><br><a href="https://security.gentoo.org/glsa/201702-14">https://security.gentoo.org/glsa/201702-14</a><br><a href="https://ubuntu.com/security/notices/USN-3199-1">https://ubuntu.com/security/notices/USN-3199-1</a><br><a href="https://ubuntu.com/security/notices/USN-3199-2">https://ubuntu.com/security/notices/USN-3199-2</a><br><a href="https://ubuntu.com/security/notices/USN-3199-3">https://ubuntu.com/security/notices/USN-3199-3</a><br></details> |
|
||
| pycrypto | CVE-2018-6594 | HIGH | 2.6.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2018-6594">https://access.redhat.com/security/cve/CVE-2018-6594</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594</a><br><a href="https://github.com/Legrandin/pycryptodome/issues/90">https://github.com/Legrandin/pycryptodome/issues/90</a><br><a href="https://github.com/TElgamal/attack-on-pycrypto-elgamal">https://github.com/TElgamal/attack-on-pycrypto-elgamal</a><br><a href="https://github.com/advisories/GHSA-6528-wvf6-f6qg">https://github.com/advisories/GHSA-6528-wvf6-f6qg</a><br><a href="https://github.com/dlitz/pycrypto/issues/253">https://github.com/dlitz/pycrypto/issues/253</a><br><a href="https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html">https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-6594">https://nvd.nist.gov/vuln/detail/CVE-2018-6594</a><br><a href="https://security.gentoo.org/glsa/202007-62">https://security.gentoo.org/glsa/202007-62</a><br><a href="https://ubuntu.com/security/notices/USN-3616-1">https://ubuntu.com/security/notices/USN-3616-1</a><br><a href="https://ubuntu.com/security/notices/USN-3616-2">https://ubuntu.com/security/notices/USN-3616-2</a><br><a href="https://usn.ubuntu.com/3616-1/">https://usn.ubuntu.com/3616-1/</a><br><a href="https://usn.ubuntu.com/3616-2/">https://usn.ubuntu.com/3616-2/</a><br></details> |
|