9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.175 Low
EPSS
Percentile
96.1%
Quay 3.4.0 release
Security Fix(es):
waitress: HTTP request smuggling through LF vs CRLF handling (CVE-2019-16785)
waitress: HTTP request smuggling through invalid Transfer-Encoding (CVE-2019-16786)
waitress: HTTP Request Smuggling through Invalid whitespace characters in headers (CVE-2019-16789)
python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode (CVE-2020-5310)
python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c (CVE-2020-5311)
python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)
python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode() (CVE-2020-10379)
python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 (CVE-2020-11538)
openstack-mistral: information disclosure in mistral log (CVE-2019-3866)
python-pillow: uncontrolled resource consumption in FpxImagePlugin.py (CVE-2019-19911)
PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477)
python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)
yarn: Arbitrary filesystem write via tar expansion (CVE-2020-8131)
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c (CVE-2020-10177)
python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files (CVE-2020-10378)
python-pillow: multiple out-of-bounds reads via a crafted JP2 file (CVE-2020-10994)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.175 Low
EPSS
Percentile
96.1%