CVE-2022-24303
published 2022-03-28
CVE-2022-24303: Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
critical 9.1 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pillow | < pillow 9.0.1-1 (bookworm) | pillow 9.0.1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| paloalto | pan-os | — | — |
| python | pillow | < 9.0.1 | 9.0.1 |
| python | pillow | >= 0 < 8.1.2+dfsg-0.3+deb11u3 | 8.1.2+dfsg-0.3+deb11u3 |
| python | pillow | >= 0 < 9.0.1-1 | 9.0.1-1 |
| python | pillow | >= 0 < 9.0.1-1 | 9.0.1-1 |
| python | pillow | >= 0 < 9.0.1-1 | 9.0.1-1 |
| python | pillow | >= 0 < 9.0.1 | 9.0.1 |
| python | pillow | >= 0 < 7.0.0-4ubuntu0.7 | 7.0.0-4ubuntu0.7 |
| python | pillow | >= 0 < 9.0.1-1ubuntu0.1 | 9.0.1-1ubuntu0.1 |
CVSS provenance
nvd v3.1 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
osv 9.1 CRITICAL