Vulnerability details: VCID-ydt8-c1kr-aaak
Vulnerability ID VCID-ydt8-c1kr-aaak
Aliases CVE-2023-50447
GHSA-3f63-hfp8-52jq
Summary Pillow through 10.1.0 allows arbitrary code execution through the environment parameter of PIL.ImageMath.eval. This is a different vulnerability from CVE-2022-22817, which concerned the expression parameter. Fixed in Pillow 10.2.0 (see the 10.2.0 release notes and the fix commit referenced below).
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
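The advisory is about keys of the environment dict, not the expression string. Pillow releases through 10.1.0 use the environment's keys as the allow-list for names an expression may reference, so keys chosen by a user (layer names, upload names) widen what a later expression can reach. The wrapper below is an added example, not Pillow project code: it applies a fail-closed key check before anything reaches ImageMath.eval, and gives a version check against the fixed release named here (10.2.0). The rejection rule (key contains "__", or names a Python builtin or keyword) is modelled on the upstream fix and is an assumption of this example; confirm it against the linked fix commit.

```python
"""Added example (not Pillow project code): fail-closed handling of an
ImageMath.eval environment whose keys may be attacker-influenced, plus a
version check against the fixed release named on this page (10.2.0).

Assumption: the rejection rule (key contains "__", or names a Python
builtin/keyword) mirrors the upstream fix; verify against the fix commit.
"""
import builtins
import keyword

# First Pillow release that is not affected according to this advisory.
FIXED_VERSION = (10, 2, 0)


def parse_version(version: str) -> tuple:
    """Turn 'MAJOR.MINOR.PATCH[...]' into a comparable (major, minor, patch) tuple.

    Non-numeric suffixes such as '.post1' or 'rc1' are dropped; a missing
    component counts as 0 ('10.2' -> (10, 2, 0)).
    """
    nums = []
    for part in version.split(".")[:3]:
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError(f"unparseable version component: {part!r}")
        nums.append(int(digits))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_affected(version: str) -> bool:
    """True for every release before 10.2.0 (the advisory says 'through 10.1.0').

    In an application, pass PIL.__version__ here.
    """
    return parse_version(version) < FIXED_VERSION


def unsafe_keys(env: dict) -> list:
    """Return the environment keys that must not reach ImageMath.eval unvalidated."""
    bad = []
    for key in env:
        if not isinstance(key, str) or not key.isidentifier():
            bad.append(key)  # not a plain Python identifier
        elif "__" in key:
            bad.append(key)  # dunder names open the usual attribute-chain escapes
        elif hasattr(builtins, key) or keyword.iskeyword(key):
            bad.append(key)  # would shadow or allow-list a builtin / keyword
    return bad


def validated_environment(env: dict) -> dict:
    """Return a copy of env that is safe to pass as ImageMath.eval(expr, env), or raise."""
    bad = unsafe_keys(env)
    if bad:
        raise ValueError(f"environment keys not allowed: {bad!r}")
    return dict(env)


if __name__ == "__main__":
    # Constructed input: layer names supplied by a user, mapped to stand-in images.
    user_layers = {"base": "<image a>", "mask": "<image b>", "__class__": "<image c>"}
    print("10.1.0 affected:", is_affected("10.1.0"))  # True
    print("rejected keys:", unsafe_keys(user_layers))  # ['__class__']
    # ImageMath.eval("base * mask", validated_environment(user_layers)) would raise
    # ValueError here instead of evaluating with the dangerous key present.
```

Upgrading to 10.2.0 or a distribution build carrying the fix (the RHSA, USN, DLA and GLSA entries below) remains the real remediation; the wrapper only keeps an application from handing attacker-chosen names to the evaluator while older builds are still deployed.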
System Score Found at
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
epss 0.00074 / 0.00075 / 0.00093 / 0.00376 / 0.00408 / 0.00554 / 0.01787 / 0.08382 (distinct scores recorded across successive EPSS model updates; current value in the EPSS section below) https://api.first.org/data/v1/epss?cve=CVE-2023-50447
cvssv3.1 8.1 https://devhub.checkmarx.com/cve-details/CVE-2023-50447
generic_textual CRITICAL https://devhub.checkmarx.com/cve-details/CVE-2023-50447
cvssv3.1 8.1 https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
generic_textual CRITICAL https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
generic_textual HIGH https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
cvssv3.1 8.1 https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
generic_textual CRITICAL https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
generic_textual HIGH https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
cvssv3.1 8.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-3f63-hfp8-52jq
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-3f63-hfp8-52jq
cvssv3.1 6.7 https://github.com/python-pillow/Pillow
cvssv3.1 8.1 https://github.com/python-pillow/Pillow
generic_textual CRITICAL https://github.com/python-pillow/Pillow
generic_textual MODERATE https://github.com/python-pillow/Pillow
cvssv3.1 8.1 https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
generic_textual CRITICAL https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
generic_textual HIGH https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
cvssv3.1 8.1 https://github.com/python-pillow/Pillow/releases
generic_textual CRITICAL https://github.com/python-pillow/Pillow/releases
generic_textual HIGH https://github.com/python-pillow/Pillow/releases
cvssv3.1 8.1 https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
generic_textual CRITICAL https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2023-50447
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2023-50447
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2023-50447
cvssv3.1 8.1 https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
generic_textual CRITICAL https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
generic_textual HIGH https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
cvssv3.1 8.1 http://www.openwall.com/lists/oss-security/2024/01/20/1
generic_textual CRITICAL http://www.openwall.com/lists/oss-security/2024/01/20/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2024/01/20/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
https://api.first.org/data/v1/epss?cve=CVE-2023-50447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28219
https://devhub.checkmarx.com/cve-details/CVE-2023-50447/
https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/python-pillow/Pillow
https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
https://github.com/python-pillow/Pillow/releases
https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
http://www.openwall.com/lists/oss-security/2024/01/20/1
1061172 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061172
2259479 https://bugzilla.redhat.com/show_bug.cgi?id=2259479
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2023-50447 https://devhub.checkmarx.com/cve-details/CVE-2023-50447
CVE-2023-50447 https://nvd.nist.gov/vuln/detail/CVE-2023-50447
GHSA-3f63-hfp8-52jq https://github.com/advisories/GHSA-3f63-hfp8-52jq
GLSA-202405-12 https://security.gentoo.org/glsa/202405-12
RHSA-2024:0754 https://access.redhat.com/errata/RHSA-2024:0754
RHSA-2024:0857 https://access.redhat.com/errata/RHSA-2024:0857
RHSA-2024:0893 https://access.redhat.com/errata/RHSA-2024:0893
RHSA-2024:1058 https://access.redhat.com/errata/RHSA-2024:1058
RHSA-2024:1059 https://access.redhat.com/errata/RHSA-2024:1059
RHSA-2024:1060 https://access.redhat.com/errata/RHSA-2024:1060
RHSA-2024:3781 https://access.redhat.com/errata/RHSA-2024:3781
USN-6618-1 https://usn.ubuntu.com/6618-1/
No exploits are available.
CVSS v3.1 vectors by source (metric values decoded from each vector; most sources share the Red Hat/NVD vector, while SUSE and the upstream GitHub entry differ in Attack Vector, Attack Complexity, Privileges Required and User Interaction):

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50447.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://devhub.checkmarx.com/cve-details/CVE-2023-50447
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://duartecsantos.github.io/2023-01-02-CVE-2023-50447
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://duartecsantos.github.io/2024-01-02-CVE-2023-50447
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (AV local, AC low, PR none, UI none, S unchanged, C high, I high, A high) Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (AV local, AC high, PR low, UI required, S unchanged, C high, I high, A high) Found at https://github.com/python-pillow/Pillow
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://github.com/python-pillow/Pillow
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://github.com/python-pillow/Pillow/commit/45c726fd4daa63236a8f3653530f297dc87b160a
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://github.com/python-pillow/Pillow/releases
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://nvd.nist.gov/vuln/detail/CVE-2023-50447
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html#security
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (AV network, AC high, PR none, UI none, S unchanged, C high, I high, A high) Found at http://www.openwall.com/lists/oss-security/2024/01/20/1

Exploit Prediction Scoring System (EPSS)
Percentile 0.33153
EPSS Score 0.00074
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-19T23:58:58.217998+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc2