3 matches found
CVE-2026-55798
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...
USN-7555-3 python-django vulnerability
USN-7555-1 fixed a vulnerability in Django. This update provides an additional fix for Ubuntu 20.04 LTS. Original advisory details: It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection...
USN-7555-2 python-django vulnerability
USN-7555-1 fixed vulnerabilities in Django. The fix was incomplete. This update applies an additional patch to fix it properly. Original advisory details: It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log...