CVE-2021-23437 vulnerability in Python and Other Products
Published on September 3, 2021

Regular Expression Denial of Service (ReDoS)

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2021-23437 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Products Associated with CVE-2021-23437

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-23437 are published in these products:

Python Pillow

Fedora Project Fedora

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.21%

Percentile

43.07%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-23437 vulnerability in Python and Other ProductsPublished on September 3, 2021

Vulnerability Analysis

Products Associated with CVE-2021-23437

Exploit Probability

CVE-2021-23437 vulnerability in Python and Other Products
Published on September 3, 2021