Project: dhondta/tinyscript:requirements.txt

Vulnerabilities: 6 via 6 paths

Dependencies: 47

Source: GitHub

Commit: 8ca23ace

Severity: 1 high, 5 medium

high severity

new

Arbitrary Code Execution

  • Vulnerable module: pyyaml
  • Introduced through: pyyaml@5.3.1

Detailed paths

  • Introduced through: dhondta/tinyscript@dhondta/tinyscript#8ca23acefd18a9b934d9c20298fdd79a6a9c1b31 pyyaml@5.3.1

Overview

pyyaml is a YAML parser and emitter for Python.

Affected versions of this package are vulnerable to Arbitrary Code Execution when they process untrusted YAML files through the full_load method or with the FullLoader loader. This is due to an incomplete fix for CVE-2020-1747.

Remediation

There is no fixed version for pyyaml.


medium severity

Buffer Overflow

  • Vulnerable module: pillow
  • Introduced through: asciistuff@file-.asciistuff-VERSION.txt

Detailed paths

  • Introduced through: dhondta/tinyscript@dhondta/tinyscript#8ca23acefd18a9b934d9c20298fdd79a6a9c1b31 asciistuff@file-.asciistuff-VERSION.txt pillow@6.2.2
    Remediation: Upgrade to asciistuff@1.0.0.

Overview

Pillow is a PIL (Python Imaging Library) fork.

Affected versions of this package are vulnerable to Buffer Overflow. Two Buffer Overflows exist in libImaging/TiffDecode.c.

Remediation

Upgrade Pillow to version 7.1.0 or higher.


medium severity

Out-of-Bounds

  • Vulnerable module: pillow
  • Introduced through: asciistuff@file-.asciistuff-VERSION.txt

Detailed paths

  • Introduced through: dhondta/tinyscript@dhondta/tinyscript#8ca23acefd18a9b934d9c20298fdd79a6a9c1b31 asciistuff@file-.asciistuff-VERSION.txt pillow@6.2.2
    Remediation: Upgrade to asciistuff@1.0.0.

Overview

Pillow is a PIL (Python Imaging Library) fork.

Affected versions of this package are vulnerable to Out-of-Bounds. Multiple out-of-bounds reads exist in libImaging/FliDecode.c.

Remediation

Upgrade Pillow to version 7.1.0 or higher.


medium severity

Out-of-bounds Read

  • Vulnerable module: pillow
  • Introduced through: asciistuff@file-.asciistuff-VERSION.txt

Detailed paths

  • Introduced through: dhondta/tinyscript@dhondta/tinyscript#8ca23acefd18a9b934d9c20298fdd79a6a9c1b31 asciistuff@file-.asciistuff-VERSION.txt pillow@6.2.2
    Remediation: Upgrade to asciistuff@1.0.0.

Overview

Pillow is a PIL (Python Imaging Library) fork.

Affected versions of this package are vulnerable to Out-of-bounds Read. In libImaging/SgiRleDecode.c a number of out-of-bounds reads exist in the parsing of SGI image files.

Remediation

Upgrade Pillow to version 7.1.0 or higher.


medium severity

Out-of-bounds Read

  • Vulnerable module: pillow
  • Introduced through: asciistuff@file-.asciistuff-VERSION.txt

Detailed paths

  • Introduced through: dhondta/tinyscript@dhondta/tinyscript#8ca23acefd18a9b934d9c20298fdd79a6a9c1b31 asciistuff@file-.asciistuff-VERSION.txt pillow@6.2.2
    Remediation: Upgrade to asciistuff@1.0.0.

Overview

Pillow is a PIL (Python Imaging Library) fork.

Affected versions of this package are vulnerable to Out-of-bounds Read. In libImaging/Jpeg2KDecode.c there are multiple out-of-bounds reads via a crafted JP2 file.

Remediation

Upgrade Pillow to version 7.1.0 or higher.


medium severity

Out-of-bounds Read

  • Vulnerable module: pillow
  • Introduced through: asciistuff@file-.asciistuff-VERSION.txt

Detailed paths

  • Introduced through: dhondta/tinyscript@dhondta/tinyscript#8ca23acefd18a9b934d9c20298fdd79a6a9c1b31 asciistuff@file-.asciistuff-VERSION.txt pillow@6.2.2
    Remediation: Upgrade to asciistuff@1.0.0.

Overview

Pillow is a PIL (Python Imaging Library) fork.

Affected versions of this package are vulnerable to Out-of-bounds Read. In libImaging/PcxDecode.c, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

Remediation

Upgrade Pillow to version 7.1.0 or higher.
