CVE-2022-24303 (Critical) detected in Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl #10
Security vulnerability detected by WhiteSource
CVE-2022-24303 - Critical Severity Vulnerability
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/8e/7a/b047f6f80fdb02c0cca1d3761d71e9800bcf6d4874b71c9e6548ec59e156/Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
Publish Date: 2022-03-28
URL: CVE-2022-24303
CVSS 3 Score Details (9.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-9j59-75qj-795w
Release Date: 2022-03-28
Fix Resolution: 9.0.1