<⚡️> SuperAGI - A dev-first open source autonomous AI agent framework. Enabling developers to build, manage & run useful autonomous agents quickly and reliably.
Affected versions of this package are vulnerable to Arbitrary Code Execution via PIL.ImageMath.eval which allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
How to fix?
Upgrade Pillow to version 9.0.0 or higher.
2. Out-of-bounds Read:
Affected versions of this package are vulnerable to Out-of-bounds Read. A out-of-bounds read in exists in J2kDecode in j2ku_gray_i.
How to fix?
Upgrade Pillow to version 8.2.0 or higher.
3. Regular Expression Denial of Service (ReDoS):
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
How to fix?
Upgrade Pillow to version 8.3.2 or higher.
Pillow is a PIL (Python Imaging Library) fork.
1. Arbitrary Code Execution:
Affected versions of this package are vulnerable to Arbitrary Code Execution via
PIL.ImageMath.evalwhich allows evaluation of arbitrary expressions, such as ones that use the Pythonexecmethod.How to fix? Upgrade Pillow to version 9.0.0 or higher.
2. Out-of-bounds Read:
Affected versions of this package are vulnerable to Out-of-bounds Read. A out-of-bounds read in exists in
J2kDecodeinj2ku_gray_i.How to fix? Upgrade Pillow to version 8.2.0 or higher.
3. Regular Expression Denial of Service (ReDoS):
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the
getrgbfunction.How to fix? Upgrade Pillow to version 8.3.2 or higher.