Pillow command injection

🗓️ 17 May 2022 04:39:45Reported by GitHub Advisory DatabaseType

Pillow command injection vulnerability in Python Image Library (PIL) 1.1.7 and earlier, and Pillow before 2.5.0, allowing remote execution of arbitrary commands via shell metacharacters related to CVE-2014-1932

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 69
OpenVAS	Mageia: Security Advisory (MGASA-2014-0476)	28 Jan 202200:00	–	openvas
OpenVAS	Fedora Update for python-pillow FEDORA-2014-14883	23 Nov 201400:00	–	openvas
OpenVAS	Fedora Update for python-pillow FEDORA-2014-14980	23 Nov 201400:00	–	openvas
OpenVAS	Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-2701)	23 Jan 202000:00	–	openvas
OpenVAS	Ubuntu Update for python-imaging USN-2168-1	21 Apr 201400:00	–	openvas
OpenVAS	SUSE: Security Advisory (SUSE-SU-2014:0705-1)	9 Jun 202100:00	–	openvas
OpenVAS	Mageia: Security Advisory (MGASA-2014-0159)	28 Jan 202200:00	–	openvas
OpenVAS	Mageia: Security Advisory (MGASA-2014-0158)	28 Jan 202200:00	–	openvas
OpenVAS	Ubuntu: Security Advisory (USN-2168-1)	21 Apr 201400:00	–	openvas
OpenVAS	Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2019-2654)	23 Jan 202000:00	–	openvas

Vulners

Node

python pillowRange<2.5.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-3007
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
people	www.people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html
github	www.github.com/pypa/advisory-database/tree/main/vulns/pillow/PYSEC-2014-87.yaml
github	www.github.com/advisories/GHSA-8m9x-pxwq-j236

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo