CVE-2021-23437
Published: 2021-09-03
CVE-2021-23437: The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Severity: High, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pillow | < pillow 8.3.2-1 (bookworm) | pillow 8.3.2-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| python | pillow | < unspecified | unspecified |
| python | pillow | >= 0 < 8.1.2+dfsg-0.3+deb11u3 | 8.1.2+dfsg-0.3+deb11u3 |
| python | pillow | >= 0 < 8.3.2-1 | 8.3.2-1 |
| python | pillow | >= 0 < 8.3.2-1 | 8.3.2-1 |
| python | pillow | >= 0 < 8.3.2-1 | 8.3.2-1 |
| python | pillow | >= 0 < 9e08eb8f78fdfd2f476e1b20b7cf38683754866b | 9e08eb8f78fdfd2f476e1b20b7cf38683754866b |
| python | pillow | >= 0 < 8.3.2 | 8.3.2 |
| python | pillow | >= 0 < 5.1.0-1ubuntu0.8 | 5.1.0-1ubuntu0.8 |
| python | pillow | >= 0 < 5.1.0-1ubuntu0.7 | 5.1.0-1ubuntu0.7 |
| python | pillow | >= 0 < 7.0.0-4ubuntu0.6 | 7.0.0-4ubuntu0.6 |
| python | pillow | >= 0 < 7.0.0-4ubuntu0.5 | 7.0.0-4ubuntu0.5 |
| python | pillow | >= 0 < 2.3.0-1ubuntu3.4+esm3 | 2.3.0-1ubuntu3.4+esm3 |
| python | pillow | >= 0 < 3.1.2-0ubuntu1.6+esm1 | 3.1.2-0ubuntu1.6+esm1 |
| python | pillow | >= 5.2.0 < 8.3.2 | 8.3.2 |
| python | pillow | >= 5.2.0 < 8.3.2 | 8.3.2 |
| python | pillow | >= unspecified < 8.3.2 | 8.3.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |