Описание
Duplicate Advisory: Bundled libwebp in Pillow vulnerable
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-56pw-mpj4-fxww. This link is maintained to preserve external references.
Original Description
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
Пакеты
Наименование
pillow
pip
Затронутые версииВерсия исправления
< 10.0.1
10.0.1