[Snyk: Low] Pillow Out-of-bounds Read (6/2/21) #4443
Labels
Security: low
Remediate within 90 days
Comments
This was referenced Mar 3, 2021
|
This package does not cause a significant external security vulnerability since only approved and authenticated Wagtail users can upload resources to our system. We plan to patch this package when we upgrade our Wagtail version to the latest 2.11 LTS. |
patphongs
changed the title
patphongs
changed the title
1 task
|
No longer flagged |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@hcaofec commented on Wed Mar 03 2021
Introduced through: pillow@7.1.0 and wagtail@2.7.4
Exploit maturity: NO KNOWN EXPLOIT
Detailed paths
Introduced through: project@0.0.0 › pillow@7.1.0
Remediation: No remediation path available.
Introduced through: project@0.0.0 › wagtail@2.7.4 › Pillow@7.1.0
Remediation: No remediation path available.
Overview
Pillow is a PIL (Python Imaging Library) fork.
Affected versions of this package are vulnerable to Out-of-bounds Read due to invalid tile boundaries lead.
More info:
https://app.snyk.io/vuln/SNYK-PYTHON-PILLOW-1080635
The text was updated successfully, but these errors were encountered: