sharmas1ddharth / pybox
A Python library with various scripts to perform basic and utility tasks
License: MIT License
Python Imaging Library (Fork)
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
| CVE | Severity | CVSS | Dependency | Type | Fixed in (Pillow version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-50447 | High | 8.1 | Pillow-9.1.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Direct | 10.2.0 | ❌ |
| CVE-2023-44271 | High | 7.5 | Pillow-9.1.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Direct | 10.0.0 | ❌ |
| CVE-2022-45199 | High | 7.5 | Pillow-9.1.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Direct | 9.3.0 | ❌ |
| CVE-2022-45198 | High | 7.5 | Pillow-9.1.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Direct | 9.2.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2023-50447 (Pillow, Python Imaging Library fork; direct dependency in /requirements.txt; found in base branch: main)
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Publish Date: 2024-01-19
Type: Upgrade version
Origin: https://www.openwall.com/lists/oss-security/2024/01/20/1
Release Date: 2024-01-19
Fix Resolution: Pillow 10.2.0
Step up your Open Source Security Game with Mend here
CVE-2023-44271 (Pillow, Python Imaging Library fork; direct dependency in /requirements.txt; found in base branch: main)
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
Publish Date: 2023-11-03
Type: Upgrade version
Release Date: 2023-11-03
Fix Resolution: Pillow 10.0.0
CVE-2022-45199 (Pillow, Python Imaging Library fork; direct dependency in /requirements.txt; found in base branch: main)
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
Publish Date: 2022-11-14
Type: Upgrade version
Release Date: 2022-11-14
Fix Resolution: Pillow 9.3.0
CVE-2022-45198 (Pillow, Python Imaging Library fork; direct dependency in /requirements.txt; found in base branch: main)
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
Publish Date: 2022-11-14
Type: Upgrade version
Release Date: 2022-11-14
Fix Resolution: Pillow 9.2.0
Easily download, build, install, upgrade, and uninstall Python packages
Library home page: https://files.pythonhosted.org/packages/8e/16/8f64922c8d7cd7ec193b145c9b11ad281064ff8604452ba19a6d5bbd7ed9/setuptools-60.2.0-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
| CVE | Severity | CVSS | Dependency | Type | Fixed in (setuptools version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2022-40897 | Medium | 5.9 | setuptools-60.2.0-py3-none-any.whl | Direct | 65.5.1 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2022-40897 (setuptools; direct dependency in /requirements.txt; found in base branch: main)
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
Publish Date: 2022-12-23
Type: Upgrade version
Origin: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
Release Date: 2022-12-23
Fix Resolution: setuptools 65.5.1