veshitala / flask-blogger
This repository contains all the source code for our website
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0/js/bootstrap.min.js
Path to dependency file: /flask-blogger/flaskblog/templates/layout.html
Path to vulnerable library: flask-blogger/flaskblog/templates/layout.html
Dependency Hierarchy:
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
Base Score Metrics:
Type: Upgrade version
Origin: twbs/bootstrap#26630
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
Step up your Open Source Security Game with WhiteSource here
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
Publish Date: 2021-01-12
URL: CVE-2020-35655
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655
Release Date: 2021-01-12
Fix Resolution: 8.1.0
A very fast and expressive template engine.
Library home page: https://files.pythonhosted.org/packages/7f/ff/ae64bacdfc95f27a016a7bed8e8686763ba4d277a78ca76f32659220a731/Jinja2-2.10-py2.py3-none-any.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
Publish Date: 2019-04-07
URL: CVE-2019-10906
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906
Release Date: 2019-04-07
Fix Resolution: 2.10.1
Database Abstraction Library
Library home page: https://files.pythonhosted.org/packages/c6/52/73d1c92944cd294a5b165097038418abb6a235f5956d43d06f97254f73bf/SQLAlchemy-1.2.17.tar.gz
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
Publish Date: 2019-02-20
URL: CVE-2019-7164
Base Score Metrics:
Type: Upgrade version
Origin: https://docs.sqlalchemy.org/en/14/changelog/changelog_13.html#change-1.3.0b3
Release Date: 2019-02-20
Fix Resolution: SQLAlchemy - 1.3.0b3
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
Publish Date: 2021-06-02
URL: CVE-2021-25287
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25287
Release Date: 2021-06-02
Fix Resolution: Pillow - 8.2.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Path to vulnerable library: flask-blogger/News Web Template/js/jquery-2.1.3.min.js
Dependency Hierarchy:
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
The comprehensive WSGI web application library.
Library home page: https://files.pythonhosted.org/packages/20/c4/12e3e56473e52375aa29c4764e70d1b8f3efa6682bef8d0aae04fe335243/Werkzeug-0.14.1-py2.py3-none-any.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Publish Date: 2019-08-09
URL: CVE-2019-14806
Base Score Metrics:
Type: Upgrade version
Origin: https://palletsprojects.com/blog/werkzeug-0-15-3-released/
Release Date: 2019-08-09
Fix Resolution: 0.15.3
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Publish Date: 2021-03-03
URL: CVE-2021-27923
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
Release Date: 2021-03-03
Fix Resolution: Pillow - 8.1.2
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
Publish Date: 2020-06-25
URL: CVE-2020-10379
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
Publish Date: 2021-03-19
URL: CVE-2021-25290
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
Publish Date: 2021-06-02
URL: CVE-2021-28678
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28678
Release Date: 2021-06-02
Fix Resolution: Pillow - 8.2.0
Database Abstraction Library
Library home page: https://files.pythonhosted.org/packages/c6/52/73d1c92944cd294a5b165097038418abb6a235f5956d43d06f97254f73bf/SQLAlchemy-1.2.17.tar.gz
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
Publish Date: 2019-02-06
URL: CVE-2019-7548
Base Score Metrics:
Type: Upgrade version
Origin: https://docs.sqlalchemy.org/en/14/changelog/changelog_13.html#change-1.3.0b3
Release Date: 2019-02-06
Fix Resolution: SQLAlchemy - 1.3.0b3
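The two SQLAlchemy advisories above (CVE-2019-7164 for order_by, CVE-2019-7548 for group_by) describe the same bug class: a caller-supplied string reaching ORDER BY or GROUP BY as raw SQL. The following is an added example, not code from flask-blogger or SQLAlchemy; it reproduces that class with the standard-library sqlite3 module so it runs offline, shows why an unquoted ORDER BY expression is enough for a blind boolean oracle, and puts the allowlist fix beside it. The post and user tables, their rows, the "hunter2" password and the allowlist contents are all constructed for the demo.

```python
"""Added example (not flask-blogger or SQLAlchemy code): ORDER BY injection
and its allowlist fix, using sqlite3 so it runs without any third-party package.
All table contents below are constructed sample data."""
import sqlite3

# Assumption for the demo: the only sort keys the application ever means to offer.
ALLOWED_SORT_COLUMNS = {"id", "title", "date_posted"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE post (id INTEGER PRIMARY KEY, title TEXT, date_posted TEXT);
        CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO post VALUES (1, 'alpha', '2019-01-01'),
                                (2, 'beta',  '2019-02-01'),
                                (3, 'gamma', '2019-03-01');
        INSERT INTO user VALUES (1, 'admin', 'hunter2');
    """)
    return conn


def posts_sorted_vulnerable(conn, sort):
    # Vulnerable: the untrusted sort key is spliced straight into the statement,
    # which is what a plain string passed to order_by()/group_by() amounted to.
    rows = conn.execute(f"SELECT id, title FROM post ORDER BY {sort}").fetchall()
    return [r[0] for r in rows]


def posts_sorted_safe(conn, sort):
    # Hardened: the name must match a fixed allowlist before it touches SQL.
    # Only then is interpolating an identifier acceptable.
    if sort not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort!r}")
    rows = conn.execute(f"SELECT id, title FROM post ORDER BY {sort}").fetchall()
    return [r[0] for r in rows]


def oracle_payload(prefix):
    # ORDER BY accepts an arbitrary expression, so no quote-breaking is needed:
    # the row order itself leaks whether the condition held.
    return (f"CASE WHEN (SELECT password FROM user WHERE username='admin') "
            f"LIKE '{prefix}%' THEN id ELSE -id END")


def leak_first_char(conn):
    # Recover the first character of the password from the ordering alone:
    # ascending by id means [1, 2, 3], ascending by -id means [3, 2, 1].
    for ch in "abcdefghijklmnopqrstuvwxyz":
        if posts_sorted_vulnerable(conn, oracle_payload(ch)) == [1, 2, 3]:
            return ch
    return None


if __name__ == "__main__":
    db = make_db()
    print("safe sort by title:", posts_sorted_safe(db, "title"))
    print("leaked first password char:", leak_first_char(db))
```

The point to carry over to SQLAlchemy code is that the fix the 1.3.0b3 changelog describes (string arguments to order_by/group_by are no longer accepted as implicit SQL text) only removes the foot-gun; the application still has to map user-visible sort names onto a known set of column objects, exactly as posts_sorted_safe does here.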
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
Publish Date: 2020-01-03
URL: CVE-2020-5310
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5310
Release Date: 2020-01-03
Fix Resolution: Pillow - 6.2.2
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Publish Date: 2021-03-03
URL: CVE-2021-27922
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
Release Date: 2021-03-03
Fix Resolution: Pillow - 8.1.2
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
Publish Date: 2021-06-02
URL: CVE-2021-28675
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28675
Release Date: 2021-06-02
Fix Resolution: Pillow - 8.2.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Path to vulnerable library: flask-blogger/News Web Template/js/jquery-2.1.3.min.js
Dependency Hierarchy:
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
Publish Date: 2020-06-25
URL: CVE-2020-10177
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
Publish Date: 2020-01-05
URL: CVE-2019-19911
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/python-pillow/Pillow/tree/6.2.2
Release Date: 2020-01-05
Fix Resolution: Pillow - 6.2.2
NumPy is the fundamental package for array computing with Python.
Library home page: https://files.pythonhosted.org/packages/9f/85/163127d3fb0573deb9eca947cfc73aa3618eaaf8656501460574471d114a/numpy-1.16.0-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
Publish Date: 2019-01-16
URL: CVE-2019-6446
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1859
Release Date: 2019-01-16
Fix Resolution: 1.16.2
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0/js/bootstrap.min.js
Path to dependency file: /flask-blogger/flaskblog/templates/layout.html
Path to vulnerable library: flask-blogger/flaskblog/templates/layout.html
Dependency Hierarchy:
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
Base Score Metrics:
Type: Upgrade version
Origin: twbs/bootstrap#26630
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
Publish Date: 2021-03-19
URL: CVE-2021-25292
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
Publish Date: 2021-06-02
URL: CVE-2021-28676
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28676
Release Date: 2021-06-02
Fix Resolution: Pillow - 8.2.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
Publish Date: 2021-06-02
URL: CVE-2021-25288
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25288
Release Date: 2021-06-02
Fix Resolution: Pillow - 8.2.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
Publish Date: 2020-06-25
URL: CVE-2020-11538
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0
A very fast and expressive template engine.
Library home page: https://files.pythonhosted.org/packages/7f/ff/ae64bacdfc95f27a016a7bed8e8686763ba4d277a78ca76f32659220a731/Jinja2-2.10-py2.py3-none-any.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
Publish Date: 2021-02-01
URL: CVE-2020-28493
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493
Release Date: 2021-02-01
Fix Resolution: Jinja2 - 2.11.3
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
Publish Date: 2020-06-25
URL: CVE-2020-10378
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0/js/bootstrap.min.js
Path to dependency file: /flask-blogger/flaskblog/templates/layout.html
Path to vulnerable library: flask-blogger/flaskblog/templates/layout.html
Dependency Hierarchy:
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
Base Score Metrics:
Type: Upgrade version
Origin: twbs/bootstrap#28236
Release Date: 2019-02-20
Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
Publish Date: 2020-01-03
URL: CVE-2020-5312
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5312
Release Date: 2020-01-03
Fix Resolution: Pillow - 6.2.2
There is an error with this repository's Mend configuration file that needs to be fixed. As a precaution, scans will stop until it is resolved.
Errors:
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
Publish Date: 2020-01-03
URL: CVE-2020-5311
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5311
Release Date: 2020-01-03
Fix Resolution: Pillow - 6.2.2
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Publish Date: 2021-01-12
URL: CVE-2020-35653
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653
Release Date: 2021-01-12
Fix Resolution: 8.1.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
Publish Date: 2019-10-04
URL: CVE-2019-16865
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16865
Release Date: 2019-10-04
Fix Resolution: 6.2.0
There is an error with this repository's WhiteSource configuration file that needs to be fixed. As a precaution, scans will stop until it is resolved.
Errors:
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
Publish Date: 2021-03-19
URL: CVE-2021-25291
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
Publish Date: 2020-01-03
URL: CVE-2020-5313
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5313
Release Date: 2020-01-03
Fix Resolution: Pillow - 6.2.2
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Path to vulnerable library: flask-blogger/News Web Template/js/jquery-2.1.3.min.js
Dependency Hierarchy:
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
Publish Date: 2020-06-25
URL: CVE-2020-10994
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Publish Date: 2021-03-03
URL: CVE-2021-27921
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
Release Date: 2021-03-03
Fix Resolution: Pillow - 8.1.2
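CVE-2021-27923 (ICO), CVE-2021-27922 (ICNS) and CVE-2021-27921 (BLP) above share one root cause: a container format declares the size of a sub-image, and the decoder allocated for that declared size without checking it against a budget or against the bytes actually present. The following is an added example, not Pillow's code; it shows the check for the ICO container only (the same idea applies to the other two), validating the directory entries and the size an embedded PNG declares in its IHDR before any decoder is invoked. The sample ICO bytes are constructed inline with a bogus IHDR, the CRC is not computed, and the 64-megapixel budget is an assumption chosen for the demo.

```python
"""Added example (not Pillow code): reject container entries whose declared
sub-image geometry or payload bounds are implausible before decoding them.
Sample bytes are constructed; the pixel budget is an arbitrary assumption."""
import struct

MAX_PIXELS = 64_000_000          # assumption: what this service is willing to allocate
PNG_SIG = b"\x89PNG\r\n\x1a\n"


class UnsafeImage(ValueError):
    """Raised when a header would lead to an oversized or out-of-file read."""


def parse_ico_directory(data):
    """Return [(width, height, size, offset), ...] from the ICONDIR/ICONDIRENTRY table."""
    if len(data) < 6:
        raise UnsafeImage("truncated ICONDIR")
    reserved, kind, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or kind not in (1, 2):          # 1 = icon, 2 = cursor
        raise UnsafeImage("not an ICO/CUR header")
    if len(data) < 6 + 16 * count:
        raise UnsafeImage("directory runs past end of file")
    entries = []
    for i in range(count):
        w, h, _colors, _res, _planes, _bpp, size, offset = struct.unpack_from(
            "<BBBBHHII", data, 6 + 16 * i)
        entries.append((w or 256, h or 256, size, offset))   # 0 means 256 in ICO
    return entries


def declared_png_size(payload):
    """(width, height) from a PNG IHDR: two big-endian u32 at offset 16."""
    if len(payload) < 24 or not payload.startswith(PNG_SIG):
        raise UnsafeImage("PNG payload too short for IHDR")
    return struct.unpack_from(">II", payload, 16)


def check_ico(data, max_pixels=MAX_PIXELS):
    """Validate every entry; return the (w, h) list that is safe to hand to a decoder."""
    safe = []
    for w, h, size, offset in parse_ico_directory(data):
        if size < 1 or offset + size > len(data):
            raise UnsafeImage(f"entry payload [{offset}, {offset + size}) exceeds file")
        payload = data[offset:offset + size]
        if payload.startswith(PNG_SIG):
            # An embedded PNG carries its own dimensions; a decoder allocates for
            # these, not for the 1-byte directory fields, so they must be checked too.
            w, h = declared_png_size(payload)
        if w * h > max_pixels:
            raise UnsafeImage(f"{w}x{h} exceeds pixel budget of {max_pixels}")
        safe.append((w, h))
    return safe


def build_ico(png_width, png_height):
    """Constructed sample: a one-entry ICO whose directory says 16x16 but whose
    embedded PNG IHDR claims png_width x png_height (CRC left as zeros)."""
    ihdr_body = struct.pack(">IIBBBBB", png_width, png_height, 8, 6, 0, 0, 0)
    ihdr = struct.pack(">I", 13) + b"IHDR" + ihdr_body + b"\0\0\0\0"
    payload = PNG_SIG + ihdr
    header = struct.pack("<HHH", 0, 1, 1)
    entry = struct.pack("<BBBBHHII", 16, 16, 0, 0, 1, 32, len(payload), 6 + 16)
    return header + entry + payload


if __name__ == "__main__":
    print("benign:", check_ico(build_ico(16, 16)))
    try:
        check_ico(build_ico(100_000, 100_000))
    except UnsafeImage as exc:
        print("rejected:", exc)
```

Running a gate like this in front of Image.open does not replace upgrading Pillow, but it turns "allocate whatever the file asks for" into a policy decision the service controls, which is the missing check the three advisories describe.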
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
Publish Date: 2021-03-19
URL: CVE-2021-25293
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.
Publish Date: 2021-06-02
URL: CVE-2021-28677
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28677
Release Date: 2021-06-02
Fix Resolution: Pillow - 8.2.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/0d/f3/421598450cb9503f4565d936860763b5af413a61009d87a5ab1e34139672/Pillow-5.4.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to vulnerable library: flask-blogger/requirements.txt
Dependency Hierarchy:
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
Publish Date: 2021-03-19
URL: CVE-2021-25289
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.0.0/js/bootstrap.min.js
Path to dependency file: /flask-blogger/flaskblog/templates/layout.html
Path to vulnerable library: flask-blogger/flaskblog/templates/layout.html
Dependency Hierarchy:
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Publish Date: 2018-07-13
URL: CVE-2018-14041
Base Score Metrics:
Type: Upgrade version
Origin: twbs/bootstrap#26630
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:4.1.2
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.slim.min.js
Path to dependency file: /flask-blogger/flaskblog/templates/layout.html
Path to vulnerable library: flask-blogger/flaskblog/templates/layout.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Path to vulnerable library: flask-blogger/News Web Template/js/jquery-2.1.3.min.js
Dependency Hierarchy:
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0
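The bot files one issue per CVE, so the same package shows up many times with different Fix Resolutions (Pillow alone is listed with 6.2.0, 6.2.2, 7.1.0, 8.1.0, 8.1.1, 8.1.2 and 8.2.0). What a maintainer actually needs is one floor per package and a list of pins that fall below it. The following is an added example, not code from the flask-blogger repository or the WhiteSource/Mend bot. It folds the Fix Resolutions for the Python dependencies above into minimum versions and checks a requirements.txt against them. The requirements text is constructed from the wheel versions the advisories resolved (Pillow 5.4.1, Jinja2 2.10, SQLAlchemy 1.2.17, Werkzeug 0.14.1, numpy 1.16.0; the Flask pin is an assumption), and the version parser is a deliberately small subset of PEP 440 (release segment plus an optional a/b/rc pre-release, enough for "1.3.0b3").

```python
"""Added example (not from flask-blogger or the scanner): consolidate per-CVE
fix versions into one floor per package and flag requirements.txt pins below it."""
import re

# (package, fixed version) pairs as given in the advisories on this page.
FIX_RESOLUTIONS = [
    ("Pillow", "8.1.0"), ("Jinja2", "2.10.1"), ("SQLAlchemy", "1.3.0b3"),
    ("Pillow", "8.2.0"), ("Werkzeug", "0.15.3"), ("Pillow", "8.1.2"),
    ("Pillow", "7.1.0"), ("Pillow", "8.1.1"), ("Pillow", "6.2.2"),
    ("numpy", "1.16.2"), ("Jinja2", "2.11.3"), ("Pillow", "6.2.0"),
]

# Constructed requirements.txt mirroring the versions the scanner resolved;
# the Flask line is an assumption added so that a non-flagged pin is present.
REQUIREMENTS = """\
Flask==1.0.2
Jinja2==2.10
Pillow==5.4.1          # Python 2.7 wheel per the library home page
SQLAlchemy==1.2.17
Werkzeug==0.14.1
numpy==1.16.0
"""

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}


def parse_version(text):
    """Sortable key: release tuple padded to four parts, then a pre-release marker.
    A final release sorts after any pre-release of the same number (1.3.0 > 1.3.0b3)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version syntax: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    release += (0,) * (4 - len(release))
    if m.group(2) is None:
        return release + (1,)
    return release + (0, _PRE_RANK[m.group(2)], int(m.group(3)))


def minimum_fix_versions(resolutions):
    """Highest fixed version per package, keyed by lower-cased name as pip compares them."""
    floor = {}
    for name, version in resolutions:
        key = name.lower()
        if key not in floor or parse_version(version) > parse_version(floor[key]):
            floor[key] = version
    return floor


def outdated_pins(requirements_text, fixes):
    """Return {package: (pinned, required)} for every '==' pin below its floor.
    Comments are stripped; lines without an exact pin are skipped."""
    report = {}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "==" not in line:
            continue
        name, pinned = (part.strip() for part in line.split("==", 1))
        required = fixes.get(name.lower())
        if required and parse_version(pinned) < parse_version(required):
            report[name] = (pinned, required)
    return report


if __name__ == "__main__":
    floors = minimum_fix_versions(FIX_RESOLUTIONS)
    for pkg, (have, need) in sorted(outdated_pins(REQUIREMENTS, floors).items()):
        print(f"{pkg}: pinned {have}, needs >= {need}")
```

One caveat the consolidated list makes visible: every Pillow wheel the scanner resolved is a cp27 build, and Pillow 6.2.2 was the last release that supported Python 2.7. Meeting the 8.2.0 floor therefore means moving the project to Python 3 first; bumping the pin alone would fail to resolve.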