Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pillow@8.3.2
Type pypi
Namespace
Name pillow
Version 8.3.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 12.2.0
Latest_non_vulnerable_version 12.2.0
Affected_by_vulnerabilities
0
url VCID-2gpf-94cu-6fcd
vulnerability_id VCID-2gpf-94cu-6fcd
summary PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
references
0
reference_url https://github.com/advisories/GHSA-8vj2-vxx3-667w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-8vj2-vxx3-667w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-10.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11
4
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
5
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
6
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
8
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
9
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
reference_id CVE-2022-22817
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22817
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
1
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-vx7b-mwfx-5fg2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases CVE-2022-22817, GHSA-8vj2-vxx3-667w, PYSEC-2022-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2gpf-94cu-6fcd
1
url VCID-4tub-w66m-uyfu
vulnerability_id VCID-4tub-w66m-uyfu
summary Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
references
0
reference_url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst#1001-2023-09-15
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4863
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
reference_id
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5129
fixed_packages
0
url pkg:pypi/pillow@10.0.1
purl pkg:pypi/pillow@10.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9hza-srk7-sucy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.1
aliases PYSEC-2023-175
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tub-w66m-uyfu
2
url VCID-9hza-srk7-sucy
vulnerability_id VCID-9hza-srk7-sucy
summary Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.
references
0
reference_url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://github.com/python-pillow/Pillow/releases/tag/12.2.0
1
reference_url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
fixed_packages
0
url pkg:pypi/pillow@12.2.0
purl pkg:pypi/pillow@12.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0
aliases CVE-2026-42308, GHSA-wjx4-4jcj-g98j, PYSEC-2026-165
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hza-srk7-sucy
3
url VCID-d4dx-wbrv-gqaa
vulnerability_id VCID-d4dx-wbrv-gqaa
summary path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
references
0
reference_url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-pw3c-h7wp-cvhx
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-8.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
4
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1187
5
reference_url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c
6
reference_url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c
7
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5920
8
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
10
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
reference_id CVE-2022-22815
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22815
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases CVE-2022-22815, GHSA-pw3c-h7wp-cvhx, PYSEC-2022-8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4dx-wbrv-gqaa
4
url VCID-q8fz-36n2-vfh2
vulnerability_id VCID-q8fz-36n2-vfh2
summary Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
references
0
reference_url https://github.com/advisories/GHSA-9j59-75qj-795w
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-9j59-75qj-795w
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172
4
reference_url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781
5
reference_url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a
6
reference_url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26
7
reference_url https://github.com/python-pillow/Pillow/pull/3450
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/3450
8
reference_url https://github.com/python-pillow/Pillow/pull/6010
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/6010
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP
11
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
12
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
reference_id CVE-2022-24303
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24303
fixed_packages
0
url pkg:pypi/pillow@9.0.1
purl pkg:pypi/pillow@9.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-vx7b-mwfx-5fg2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.1
aliases CVE-2022-24303, GHSA-9j59-75qj-795w, GMS-2022-348, PYSEC-2022-168
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8fz-36n2-vfh2
5
url VCID-vx7b-mwfx-5fg2
vulnerability_id VCID-vx7b-mwfx-5fg2
summary Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
references
0
reference_url https://bugs.gentoo.org/855683
reference_id
reference_type
scores
url https://bugs.gentoo.org/855683
1
reference_url https://cwe.mitre.org/data/definitions/409.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/409.html
2
reference_url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
3
reference_url https://github.com/python-pillow/Pillow/pull/6402
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/6402
4
reference_url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/releases/tag/9.2.0
fixed_packages
0
url pkg:pypi/pillow@9.2.0
purl pkg:pypi/pillow@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q325-dhha-83b2
3
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.2.0
aliases CVE-2022-45198, PYSEC-2022-42979
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx7b-mwfx-5fg2
6
url VCID-wfzw-3x26-tucg
vulnerability_id VCID-wfzw-3x26-tucg
summary path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
references
0
reference_url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xrcv-f9gm-v42c
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-9.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331
4
reference_url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/5543e4e2d409cd9e409bc64cdc77be0af007a31f
5
reference_url https://github.com/python-pillow/Pillow/pull/5920
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/5920
6
reference_url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html
7
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
8
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
9
reference_url https://www.debian.org/security/2022/dsa-5053
reference_id
reference_type
scores
url https://www.debian.org/security/2022/dsa-5053
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
reference_id CVE-2022-22816
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-22816
fixed_packages
0
url pkg:pypi/pillow@9.0.0
purl pkg:pypi/pillow@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
2
vulnerability VCID-q8fz-36n2-vfh2
3
vulnerability VCID-vx7b-mwfx-5fg2
4
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@9.0.0
aliases CVE-2022-22816, GHSA-xrcv-f9gm-v42c, PYSEC-2022-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfzw-3x26-tucg
7
url VCID-x3bz-ehvb-jyfs
vulnerability_id VCID-x3bz-ehvb-jyfs
summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
references
0
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
reference_id
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271/
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2023-227.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7
4
reference_url https://github.com/python-pillow/Pillow/pull/7244
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/pull/7244
5
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2JOEDUJDQLCUII2LQYZYSM7RJL2I3P4
7
reference_url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
url https://devhub.checkmarx.com/cve-details/CVE-2023-44271
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
reference_id CVE-2023-44271
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-44271
9
reference_url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
reference_id GHSA-8ghj-p4vj-mr35
reference_type
scores
url https://github.com/advisories/GHSA-8ghj-p4vj-mr35
fixed_packages
0
url pkg:pypi/pillow@10.0.0
purl pkg:pypi/pillow@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tub-w66m-uyfu
1
vulnerability VCID-9hza-srk7-sucy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@10.0.0
aliases CVE-2023-44271, GHSA-8ghj-p4vj-mr35, PYSEC-2023-227
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3bz-ehvb-jyfs
Fixing_vulnerabilities
0
url VCID-dkcx-xcb8-3fgj
vulnerability_id VCID-dkcx-xcb8-3fgj
summary The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
references
0
reference_url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-98vv-pw6r-q6q4
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml
2
reference_url https://github.com/python-pillow/Pillow
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow
3
reference_url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
reference_id
reference_type
scores
url https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
4
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT
9
reference_url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
reference_id
reference_type
scores
url https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
10
reference_url https://security.gentoo.org/glsa/202211-10
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202211-10
11
reference_url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
reference_id
reference_type
scores
url https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
reference_id CVE-2021-23437
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-23437
fixed_packages
0
url pkg:pypi/pillow@8.3.2
purl pkg:pypi/pillow@8.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2gpf-94cu-6fcd
1
vulnerability VCID-4tub-w66m-uyfu
2
vulnerability VCID-9hza-srk7-sucy
3
vulnerability VCID-d4dx-wbrv-gqaa
4
vulnerability VCID-q8fz-36n2-vfh2
5
vulnerability VCID-vx7b-mwfx-5fg2
6
vulnerability VCID-wfzw-3x26-tucg
7
vulnerability VCID-x3bz-ehvb-jyfs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2
aliases CVE-2021-23437, GHSA-98vv-pw6r-q6q4, PYSEC-2021-317, SNYK-PYTHON-PILLOW-1319443
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dkcx-xcb8-3fgj
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@8.3.2