We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Descreva a vulnerabilidade de segurança (se houver CVE, coloque como referência)
CVE-2021-23437
The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
References https://nvd.nist.gov/vuln/detail/CVE-2021-23437 python-pillow/Pillow@9e08eb8 https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/
Classifique a prioridade de correção, de acordo com a severidade da vulnerabilidade 30 dias
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Descreva a vulnerabilidade de segurança (se houver CVE, coloque como
referência)
CVE-2021-23437
The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-23437
python-pillow/Pillow@9e08eb8
https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/
Classifique a prioridade de correção, de acordo com a severidade da
vulnerabilidade 30 dias
The text was updated successfully, but these errors were encountered: