Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade python-pillow to latest version. current version of python-pillow used by xhtml2pdf has vulnerability #758

Open
natrajms opened this issue Mar 28, 2024 · 1 comment
Open

upgrade python-pillow to latest version. current version of python-pillow used by xhtml2pdf has vulnerability #758

natrajms opened this issue Mar 28, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@natrajms
Copy link

Describe the Bug

upgrade python-pillow to latest version. current version of python-pillow (10.1.0) used by xhtml2pdf has vulnerability (CVE-2023-50447) and is fixed in latest version of python-pillow.

Minimal Example to Reproduce

Scan the xhtml2pdf in Snyk to find the vulnerability.

Expected Behavior

All dependent component should not have any vulnerabilities

Actual Behavior

dependent component have known vulnerabilities

Additional Information

Traceback

System Information

OS version: Windows 11
Python version: 3.10.2
XHTML2PDF version: 0.2.15
@natrajms natrajms added the bug Something isn't working label Mar 28, 2024
@stefan6419846
Copy link
Contributor

xhtml2pdf allows for Pillow>=8.1.1. What is wrong with this? xhtml2pdf does not seem to force you into using Pillow==10.1.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stefan6419846 @natrajms