CVE-2021-23437

Published: 03/09/2021 Updated: 22/03/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The pillow package, version 5.2.0 and versions prior to 8.3.2, is vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

Vulnerable Product

python pillow

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

An incomplete fix was discovered in Pillow ...
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function (CVE-2021-23437) ...
The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function ...

Github Repositories

Create Python- and R-containers with security vulnerabilities. Used for testing security scanning.

py-r-vul-examples

This repo contains Dockerfiles for creating Python- and R-containers with security vulnerabilities. Used for testing security scanning.

Build containers

Python:
    cd python
    docker build -t vul-py-test .

R:
    cd R
    docker build -t vul-r-test .

Use containers

The built containers are publ