** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

Affected versions of Joblib are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Joblib 1.2.0 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Joblib 1.1.1 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
https://github.com/python-pillow/Pillow/pull/7244

Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

Pillow 9.3.0 includes a security fix: Pillow will now decode the data in its natural CMYK mode, then convert it to RGB and rearrange the channels afterwards. Trying to load the data in an incorrect mode could result in a segmentation fault.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability.
https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#limit-samplesperpixel-to-avoid-runtime-dos

Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

Affected versions of Joblib are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Joblib 1.2.0 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Joblib 1.1.1 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
https://github.com/python-pillow/Pillow/pull/7244

Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

Pillow 9.3.0 includes a security fix: Pillow will now decode the data in its natural CMYK mode, then convert it to RGB and rearrange the channels afterwards. Trying to load the data in an incorrect mode could result in a segmentation fault.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability.
https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#limit-samplesperpixel-to-avoid-runtime-dos

Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

Affected versions of Joblib are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Joblib 1.2.0 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Joblib 1.1.1 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
https://github.com/python-pillow/Pillow/pull/7244

Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

Pillow 9.3.0 includes a security fix: Pillow will now decode the data in its natural CMYK mode, then convert it to RGB and rearrange the channels afterwards. Trying to load the data in an incorrect mode could result in a segmentation fault.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability.
https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#limit-samplesperpixel-to-avoid-runtime-dos

Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

Affected versions of Joblib are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Joblib 1.2.0 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Joblib 1.1.1 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
https://github.com/python-pillow/Pillow/pull/7244

Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

Pillow 9.3.0 includes a security fix: Pillow will now decode the data in its natural CMYK mode, then convert it to RGB and rearrange the channels afterwards. Trying to load the data in an incorrect mode could result in a segmentation fault.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability.
https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#limit-samplesperpixel-to-avoid-runtime-dos

Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

Affected versions of Joblib are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Joblib 1.2.0 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Joblib 1.1.1 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
https://github.com/python-pillow/Pillow/pull/7244

Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

Pillow 9.3.0 includes a security fix: Pillow will now decode the data in its natural CMYK mode, then convert it to RGB and rearrange the channels afterwards. Trying to load the data in an incorrect mode could result in a segmentation fault.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability.
https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#limit-samplesperpixel-to-avoid-runtime-dos

Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

Affected versions of Joblib are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Joblib 1.2.0 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Joblib 1.1.1 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
https://github.com/python-pillow/Pillow/pull/7244

Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

Pillow 9.3.0 includes a security fix: Pillow will now decode the data in its natural CMYK mode, then convert it to RGB and rearrange the channels afterwards. Trying to load the data in an incorrect mode could result in a segmentation fault.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability.
https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#limit-samplesperpixel-to-avoid-runtime-dos

Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

Affected versions of Joblib are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Joblib 1.2.0 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Joblib 1.1.1 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
https://github.com/python-pillow/Pillow/pull/7244

Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

Pillow 9.3.0 includes a security fix: Pillow will now decode the data in its natural CMYK mode, then convert it to RGB and rearrange the channels afterwards. Trying to load the data in an incorrect mode could result in a segmentation fault.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability.
https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#limit-samplesperpixel-to-avoid-runtime-dos

Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

Affected versions of Joblib are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.

Joblib 1.2.0 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Joblib 1.1.1 fixes a security issue where 'eval(pre_dispatch)' could potentially run arbitrary code. Now only basic numerics are supported.
https://github.com/joblib/joblib/pull/1327

Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
https://github.com/python-pillow/Pillow/pull/7244

Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.

Pillow 9.3.0 includes a security fix: Pillow will now decode the data in its natural CMYK mode, then convert it to RGB and rearrange the channels afterwards. Trying to load the data in an incorrect mode could result in a segmentation fault.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#decode-jpeg-compressed-blp1-data-in-original-mode

Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability.
https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html#limit-samplesperpixel-to-avoid-runtime-dos

Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.
https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues.

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287