{"url":"http://public2.vulnerablecode.io/api/packages/1054157?format=json","purl":"pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1","type":"deb","namespace":"debian","name":"pillow","version":"9.4.0-1.1+deb12u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.1.0-5+deb13u2","latest_non_vulnerable_version":"12.2.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355825?format=json","vulnerability_id":"VCID-qmra-af2m-rfgx","summary":"Pillow has a PDF Parsing Trailer Infinite Loop (DoS)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42310","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0261","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42310"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/9519","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/9519"},{"reference_url":"https://github.com/advisories/GHSA-r73j-pqj5-w3x7","reference_id":"GHSA-r73j-pqj5-w3x7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r73j-pqj5-w3x7"},{"reference_url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7","reference_id":"GHSA-r73j-pqj5-w3x7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077820?format=json","purl":"pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u2"}],"aliases":["CVE-2026-42310","GHSA-r73j-pqj5-w3x7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmra-af2m-rfgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/355824?format=json","vulnerability_id":"VCID-vdkd-4w7v-sbds","summary":"Pillow has an integer overflow when processing fonts","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42308","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02857","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42308"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/advisories/GHSA-wjx4-4jcj-g98j","reference_id":"GHSA-wjx4-4jcj-g98j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wjx4-4jcj-g98j"},{"reference_url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j","reference_id":"GHSA-wjx4-4jcj-g98j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1077820?format=json","purl":"pkg:deb/debian/pillow@11.1.0-5%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@11.1.0-5%252Bdeb13u2"}],"aliases":["CVE-2026-42308","GHSA-wjx4-4jcj-g98j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdkd-4w7v-sbds"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9760?format=json","vulnerability_id":"VCID-19e1-19hk-duet","summary":"Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45198","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51379","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.5136","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51319","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51373","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51371","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51414","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51393","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.5141","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.5143","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51422","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53076","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5476","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.5478","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54757","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54703","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54745","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54801","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45198"},{"reference_url":"https://bugs.gentoo.org/855683","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.gentoo.org/855683"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45198"},{"reference_url":"https://cwe.mitre.org/data/definitions/409.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwe.mitre.org/data/definitions/409.html"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-42979.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/6402","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/6402"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/6402/commits/c9f1b35e981075110a23487a8d4a6cbb59a588ea"},{"reference_url":"https://github.com/python-pillow/Pillow/releases/tag/9.2.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/releases/tag/9.2.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45198","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45198"},{"reference_url":"https://security.gentoo.org/glsa/202211-10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202211-10"},{"reference_url":"https://github.com/advisories/GHSA-m2vv-5vj5-2hm7","reference_id":"GHSA-m2vv-5vj5-2hm7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2vv-5vj5-2hm7"},{"reference_url":"https://usn.ubuntu.com/5777-1/","reference_id":"USN-5777-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5777-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5777-2/","reference_id":"USN-USN-5777-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5777-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1054157?format=json","purl":"pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qmra-af2m-rfgx"},{"vulnerability":"VCID-vdkd-4w7v-sbds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1"}],"aliases":["BIT-pillow-2022-45198","CVE-2022-45198","GHSA-m2vv-5vj5-2hm7","PYSEC-2022-42979"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19e1-19hk-duet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6583?format=json","vulnerability_id":"VCID-1vt7-c6e3-7qc8","summary":"The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23437.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23437","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45314","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45402","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45452","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45456","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45405","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45404","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45434","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45357","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45414","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45394","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45239","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45222","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45158","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45261","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45321","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45315","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23437"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-98vv-pw6r-q6q4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98vv-pw6r-q6q4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2021-317.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00021.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html"},{"reference_url":"https://security.gentoo.org/glsa/202211-10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202211-10"},{"reference_url":"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2001907","reference_id":"2001907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2001907"},{"reference_url":"https://security.archlinux.org/AVG-2366","reference_id":"AVG-2366","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2366"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23437","reference_id":"CVE-2021-23437","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23437"},{"reference_url":"https://usn.ubuntu.com/5227-1/","reference_id":"USN-5227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-1/"},{"reference_url":"https://usn.ubuntu.com/5227-2/","reference_id":"USN-5227-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5227-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1054157?format=json","purl":"pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qmra-af2m-rfgx"},{"vulnerability":"VCID-vdkd-4w7v-sbds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1"}],"aliases":["BIT-pillow-2021-23437","CVE-2021-23437","GHSA-98vv-pw6r-q6q4","PYSEC-2021-317","SNYK-PYTHON-PILLOW-1319443"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vt7-c6e3-7qc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8707?format=json","vulnerability_id":"VCID-brp2-dtrf-jyfr","summary":"Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24303","reference_id":"","reference_type":"","scores":[{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80769","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80748","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80727","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80711","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80698","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80694","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.8067","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80666","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80637","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80658","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.80612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01428","scoring_system":"epss","scoring_elements":"0.8059","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24303"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-9j59-75qj-795w","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9j59-75qj-795w"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2022-168.yaml"},{"reference_url":"https://github.com/python-pillow/Pillow","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow"},{"reference_url":"https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/blob/e8ab5640774716c5486d3cb05167f74f742ad6ef/CHANGES.rst?plain=1#L1172"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/10c4f75aaa383bd9671e923e3b91d391ea12d781"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/143032103c9f2d55a0a7960bd3e630cb72549e8a"},{"reference_url":"https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/3450","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/3450"},{"reference_url":"https://github.com/python-pillow/Pillow/pull/6010","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/python-pillow/Pillow/pull/6010"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W4ZUXPKEX72O3E5IHBPVY5ZCPMJ4GHHV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XR6UP2XONXOVXI4446VY72R63YRO2YTP"},{"reference_url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security"},{"reference_url":"https://security.gentoo.org/glsa/202211-10","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202211-10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2052682","reference_id":"2052682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2052682"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24303","reference_id":"CVE-2022-24303","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24303"},{"reference_url":"https://usn.ubuntu.com/5777-1/","reference_id":"USN-5777-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5777-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5777-2/","reference_id":"USN-USN-5777-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5777-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1054157?format=json","purl":"pkg:deb/debian/pillow@9.4.0-1.1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qmra-af2m-rfgx"},{"vulnerability":"VCID-vdkd-4w7v-sbds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1"}],"aliases":["BIT-pillow-2022-24303","CVE-2022-24303","GHSA-9j59-75qj-795w","GMS-2022-348","PYSEC-2022-168"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brp2-dtrf-jyfr"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pillow@9.4.0-1.1%252Bdeb12u1"}