@furi0us333
Owner

No description provided.

@github-actions

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: pillow@5.3.0 failed.

Pillow@5.3.0 is vulnerable to Path traversal

  • Risk Domain: Software Vulnerability
  • Risk Level: critical
  • Reason: risk level cannot exceed medium

pillow@5.3.0 is vulnerable to Buffer Copy without Checking Size of Input

  • Risk Domain: Software Vulnerability
  • Risk Level: critical
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Improper Initialization

  • Risk Domain: Software Vulnerability
  • Risk Level: critical
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Arbitrary expression injection

  • Risk Domain: Software Vulnerability
  • Risk Level: critical
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out-of-bounds Read

  • Risk Domain: Software Vulnerability
  • Risk Level: critical
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out-of-bounds Read

  • Risk Domain: Software Vulnerability
  • Risk Level: critical
  • Reason: risk level cannot exceed medium

pillow@5.3.0 is vulnerable to Buffer Overflow

  • Risk Domain: Software Vulnerability
  • Risk Level: critical
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out of bounds read

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

pillow@5.3.0 is vulnerable to Pillow vulnerable to Data Amplification attack.

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

pillow@5.3.0 is vulnerable to Uncontrolled Resource Consumption

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out-of-bounds Read

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to PCX P mode buffer overflow

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Integer overflow

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Potential infinite loop

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Uncontrolled Resource Consumption

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out of bounds read

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out-of-bounds Write

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Denial of Service by Uncontrolled Resource Consumption

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Denial of Service by Uncontrolled Resource Consumption

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out-of-bounds Write

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out-of-bounds Read

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Uncontrolled Resource Consumption

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Buffer overflow

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out-of-bounds read

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Uncontrolled Resource Consumption

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

Pillow@5.3.0 is vulnerable to Out-of-bounds Read

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

pillow@5.3.0 is vulnerable to DOS attack in Pillow when processing specially crafted image files

  • Risk Domain: Software Vulnerability
  • Risk Level: high
  • Reason: risk level cannot exceed medium

View this project in the Phylum UI
