Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pillow | Python | * | 9.0.1 (excluding) |
Pillow | Ubuntu | focal | * |
Pillow | Ubuntu | impish | * |
Pillow | Ubuntu | trusty | * |
Pillow | Ubuntu | upstream | * |
Pillow | Ubuntu | xenial | * |
Pillow-python2 | Ubuntu | esm-apps/focal | * |
Pillow-python2 | Ubuntu | focal | * |