Your submission was sent successfully! Close

CVE-2022-24303

Published: 28 March 2022

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

Priority

Low

CVSS 3 base score: 9.1

Status

Package Release Status
pillow
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

impish Ignored
(reached end-of-life)
jammy Needs triage

trusty Needs triage

upstream Needs triage

xenial Needs triage

Patches:
upstream: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1)
pillow-python2
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Needs triage

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist