cve/2021/CVE-2021-23437.md

CVE-2021-23437

Description

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

POC

Reference

No PoCs from references.

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/NaInSec/CVE-LIST
• https://github.com/arneso-ssb/py-r-vul-examples
• https://github.com/engn33r/awesome-redos-security
• https://github.com/nnrogers515/discord-coderbot