Open vipguy opened 4 months ago
Any CVE number? Why do you think it impacts this repo?
I upgraded to the new Pillow and it broke some stuff, then GitHub flagged my repo as a vulnerability, in most Pillow versions. As for your repo, the Pillow requirement there is less of a vulnerability than the new one; the new one has potential for attacks.
https://security.snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
What's the threat here? Sending an image to the bot that results in an RCE?
Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes() function is used
Pillow package, versions [,10.0.1). 10.2.0 also has some issues 😳
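The question the thread circles around, whether the repository's pinned Pillow requirement falls inside the advisory's affected range ("[,10.0.1)", i.e. every version below 10.0.1), can be answered mechanically. The following is an added example, not code from the kik-bot-api-unofficial repository or from Snyk: it parses the bracket interval notation Snyk uses, compares it against `==` pins in a requirements file, flags unpinned specifiers for manual review, and can also look at the version actually installed in the environment. The requirements text and the `ADVISORIES` table are constructed sample data. Whether the bot ever hands attacker-supplied images to Pillow's decoders (Tomer's RCE question) is a code-review question this script cannot answer; it only tells you if the dependency is in the affected range.

```python
import re

# Constructed sample data (not taken from the repository or from Snyk's feed).
# The range "[,10.0.1)" is the one quoted in the thread: no lower bound,
# exclusive upper bound, so every release before 10.0.1 is affected.
ADVISORIES = {
    "pillow": ["[,10.0.1)"],
}

SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
requests==2.31.0
Pillow==9.5.0
"""

# Snyk/Maven-style interval: "[lo,hi)", "(lo,hi]", "[,hi)", "[lo,]" ...
_RANGE_RE = re.compile(r"^([\[(])\s*([^,]*?)\s*,\s*([^\])]*?)\s*([\])])$")

# PEP 508-ish "name<op>version" (only enough for a requirements.txt line).
_REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][0-9A-Za-z.\-]*)?"
)


def parse_version(text):
    """'10.0.1' -> (10, 0, 1); trailing non-numeric parts are ignored and
    short versions are zero-padded so '10.0' compares equal to '10.0.0'."""
    nums = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        nums.append(int(m.group()))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def version_in_range(version, rng):
    """True if `version` lies inside the interval `rng`, honouring the
    inclusive '[' ']' and exclusive '(' ')' bracket semantics."""
    m = _RANGE_RE.match(rng.strip())
    if not m:
        raise ValueError("unrecognised range: %r" % rng)
    lo_br, lo, hi, hi_br = m.groups()
    v = parse_version(version)
    if lo:
        lo_v = parse_version(lo)
        if v < lo_v or (v == lo_v and lo_br == "("):
            return False
    if hi:
        hi_v = parse_version(hi)
        if v > hi_v or (v == hi_v and hi_br == ")"):
            return False
    return True


def check_requirements(requirements_text, advisories):
    """Return a list of (package, pinned_version, range) findings.
    Exact '==' pins are checked against each range; any other specifier is
    reported with pinned_version=None, because the resolver may still pick
    an affected release and a human has to look at the lock file instead."""
    findings = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, op, ver = m.groups()
        name = name.lower().replace("_", "-")  # normalise "Pillow" -> "pillow"
        if name not in advisories:
            continue
        for rng in advisories[name]:
            if op == "==" and ver:
                if version_in_range(ver, rng):
                    findings.append((name, ver, rng))
            else:
                findings.append((name, None, rng))
    return findings


def check_installed(dist_name, advisories):
    """Check the version actually importable in this interpreter (what a
    running bot would use), not just what requirements.txt asks for.
    Returns None if the distribution is not installed."""
    from importlib.metadata import PackageNotFoundError, version
    try:
        installed = version(dist_name)
    except PackageNotFoundError:
        return None
    return [(dist_name.lower(), installed, rng)
            for rng in advisories.get(dist_name.lower(), [])
            if version_in_range(installed, rng)]


if __name__ == "__main__":
    for pkg, ver, rng in check_requirements(SAMPLE_REQUIREMENTS, ADVISORIES):
        print("%s %s is inside affected range %s" % (pkg, ver or "(unpinned)", rng))
    print("installed Pillow:", check_installed("Pillow", ADVISORIES))
```

The script only understands `==` pins with confidence; for a `>=` or unversioned line it reports the package rather than guessing, since what actually gets installed depends on the resolver and any lock file. The 10.2.0 remark in the thread is deliberately not encoded in `ADVISORIES` because no affected range is given for it.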