mend-for-github-com[bot]
commented
7 months ago :heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
CVE-2021-28675 - Medium Severity Vulnerability
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/9f/b7/4b3304e5fd986e2ad8a0157adba88c01dcefc111deaf84a37175af5f5e43/Pillow-8.0.0-cp37-cp37m-manylinux1_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/tmp/ws-scm/pygoat,/requirements.txt
Dependency Hierarchy: - :x: **Pillow-8.0.0-cp37-cp37m-manylinux1_x86_64.whl** (Vulnerable Library)
Found in HEAD commit: 39f9d35675114e894b59ce9fcf75f5b99732fa0b
Found in base branch: master
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
Publish Date: 2021-06-02
URL: CVE-2021-28675
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A
For more information on CVSS4 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
Release Date: 2021-06-02
Fix Resolution: 8.3.0