[17.0][SEC] CVSS 8.8 SBOM Dep. pillow 9.0.1 & 9.4.0 vulnerabilities
wilsonmar opened this issue · comments
Wilson Mar commented
After obtaining the dependency SBOM from odoo v17.0 at 6f6763b, a run of
osv-scanner scan -S odoo_odoo_6f6763b6728335b0728645806d77a0cb7453ffc7.json
reported the vulnerabilities identified at:
╭─────────────────────────────────────┬──────┬──────────────┬────────
│ OSV URL │ CVSS │ PACKAGE │ VERSION
├─────────────────────────────────────┼──────┼──────────────┼────────
│ https://osv.dev/GHSA-3f63-hfp8-52jq │ 8.1 │ pillow │ 9.0.1
│ https://osv.dev/GHSA-44wm-f244-xhp3 │ 6.7 │ pillow │ 9.0.1
│ https://osv.dev/GHSA-56pw-mpj4-fxww │ │ pillow │ 9.0.1
│ https://osv.dev/GHSA-8ghj-p4vj-mr35 │ 7.5 │ pillow │ 9.0.1
│ https://osv.dev/PYSEC-2023-227 │ │ │
│ https://osv.dev/GHSA-j7hp-h8jx-5ppr │ 8.8 │ pillow │ 9.0.1
│ https://osv.dev/GHSA-m2vv-5vj5-2hm7 │ 7.5 │ pillow │ 9.0.1
│ https://osv.dev/PYSEC-2022-42979 │ │ │
│ https://osv.dev/PYSEC-2023-175 │ │ pillow │ 9.0.1
│ https://osv.dev/GHSA-3f63-hfp8-52jq │ 8.1 │ pillow │ 9.4.0
│ https://osv.dev/GHSA-44wm-f244-xhp3 │ 6.7 │ pillow │ 9.4.0
│ https://osv.dev/GHSA-56pw-mpj4-fxww │ │ pillow │ 9.4.0
│ https://osv.dev/GHSA-8ghj-p4vj-mr35 │ 7.5 │ pillow │ 9.4.0
│ https://osv.dev/PYSEC-2023-227 │ │ │
│ https://osv.dev/GHSA-j7hp-h8jx-5ppr │ 8.8 │ pillow │ 9.4.0
│ https://osv.dev/PYSEC-2023-175 │ │ pillow │ 9.4.0
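The scan output above, turned into a triage list, as an added example that is not part of this issue, of osv-scanner, or of Odoo's code. It parses a copy of the pasted table (constructed input, copied from the comment above), merges each advisory reported against both pillow versions, separates scored from unscored advisories, and compares the SBOM-listed versions with whatever pillow is actually importable. Assumptions: a table row with an OSV URL but empty PACKAGE/VERSION cells is treated as an alias of the row above it (that is how osv-scanner renders grouped IDs, but it is inferred here from the layout, not from the page); the `installed_version` check uses `importlib.metadata` and only an exact match with a listed version is conclusive, since the table carries no fixed-version ranges.

```python
"""Triage helper for osv-scanner table output pasted into a ticket (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from importlib import metadata

# Constructed input: a copy of the osv-scanner table pasted in the issue above.
# Its right-hand border was cut off when pasted, so rows end without a closing "│".
TABLE = """\
╭─────────────────────────────────────┬──────┬──────────────┬────────
│ OSV URL │ CVSS │ PACKAGE │ VERSION
├─────────────────────────────────────┼──────┼──────────────┼────────
│ https://osv.dev/GHSA-3f63-hfp8-52jq │ 8.1 │ pillow │ 9.0.1
│ https://osv.dev/GHSA-44wm-f244-xhp3 │ 6.7 │ pillow │ 9.0.1
│ https://osv.dev/GHSA-56pw-mpj4-fxww │ │ pillow │ 9.0.1
│ https://osv.dev/GHSA-8ghj-p4vj-mr35 │ 7.5 │ pillow │ 9.0.1
│ https://osv.dev/PYSEC-2023-227 │ │ │
│ https://osv.dev/GHSA-j7hp-h8jx-5ppr │ 8.8 │ pillow │ 9.0.1
│ https://osv.dev/GHSA-m2vv-5vj5-2hm7 │ 7.5 │ pillow │ 9.0.1
│ https://osv.dev/PYSEC-2022-42979 │ │ │
│ https://osv.dev/PYSEC-2023-175 │ │ pillow │ 9.0.1
│ https://osv.dev/GHSA-3f63-hfp8-52jq │ 8.1 │ pillow │ 9.4.0
│ https://osv.dev/GHSA-44wm-f244-xhp3 │ 6.7 │ pillow │ 9.4.0
│ https://osv.dev/GHSA-56pw-mpj4-fxww │ │ pillow │ 9.4.0
│ https://osv.dev/GHSA-8ghj-p4vj-mr35 │ 7.5 │ pillow │ 9.4.0
│ https://osv.dev/PYSEC-2023-227 │ │ │
│ https://osv.dev/GHSA-j7hp-h8jx-5ppr │ 8.8 │ pillow │ 9.4.0
│ https://osv.dev/PYSEC-2023-175 │ │ pillow │ 9.4.0
"""


@dataclass
class Finding:
    ids: list[str]        # OSV id of the row, then alias ids from continuation rows
    cvss: float | None    # None when osv-scanner printed no score
    package: str
    version: str


def parse_table(text: str) -> list[Finding]:
    """Parse the box-drawing table. Assumption: a row with an OSV URL but empty
    PACKAGE/VERSION cells is an alias of the row above it, not a separate finding."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("│"):
            continue  # border rows (╭, ├) carry no data
        cells = [c.strip() for c in line.strip("│").split("│")]
        cells += [""] * (4 - len(cells))  # truncated rows lack trailing cells
        url, cvss, package, version = cells[:4]
        if url == "OSV URL":
            continue  # header row
        osv_id = url.rsplit("/", 1)[-1]
        if not package and not version and findings:
            findings[-1].ids.append(osv_id)  # alias continuation row
            continue
        findings.append(Finding([osv_id], float(cvss) if cvss else None, package, version))
    return findings


def group_by_advisory(findings: list[Finding]) -> dict[str, dict]:
    """Merge one advisory reported against several versions of the same package
    (the SBOM above lists pillow at both 9.0.1 and 9.4.0)."""
    groups: dict[str, dict] = {}
    for f in findings:
        g = groups.setdefault(f.ids[0], {"aliases": set(), "cvss": None, "versions": set()})
        g["aliases"].update(f.ids[1:])
        g["versions"].add(f.version)
        if f.cvss is not None:
            g["cvss"] = f.cvss if g["cvss"] is None else max(g["cvss"], f.cvss)
    return groups


def triage(groups: dict[str, dict], threshold: float = 7.0) -> list[tuple[str, float]]:
    """Advisories at or above the CVSS threshold, highest score first, ties by id."""
    scored = [(k, g["cvss"]) for k, g in groups.items() if g["cvss"] is not None]
    return sorted([kv for kv in scored if kv[1] >= threshold], key=lambda kv: (-kv[1], kv[0]))


def unscored(groups: dict[str, dict]) -> list[str]:
    """Advisories printed without a CVSS score. No score does not mean low
    severity; these need a manual look rather than being dropped."""
    return sorted(k for k, g in groups.items() if g["cvss"] is None)


def listed_versions(groups: dict[str, dict]) -> set[str]:
    """Every package version the scanner attributed findings to."""
    return set().union(*(g["versions"] for g in groups.values()))


def installed_version(dist: str) -> str | None:
    """Version actually importable in this environment, or None if not installed.
    An SBOM entry says nothing about what runs; an exact match with a listed
    version is the only conclusive signal here, since no fix ranges are given."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    groups = group_by_advisory(parse_table(TABLE))
    for osv_id, cvss in triage(groups):
        g = groups[osv_id]
        print(f"{cvss:>4} {osv_id} aliases={sorted(g['aliases'])} versions={sorted(g['versions'])}")
    print("unscored:", unscored(groups))
    print("installed pillow:", installed_version("pillow"), "listed in SBOM:", sorted(listed_versions(groups)))
```

Run it as a script against a pasted scan; the `triage` list is what to attach to an applicability request, and a mismatch between `installed_version("pillow")` and the SBOM-listed versions is the first thing to explain before asking a maintainer to act on the report.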
Martin Trigaux commented
Same as #165042 (comment): we need proof it is applicable, and this is not the proper report channel.