CVE-2022-24303 Pillow before version 9.0.1 allows attackers to delete files if spaces are mishandled.

An attacker can leverage this flaw to access or alter files on the system. This issue was addressed by avoiding the use of spaces in temporary pathnames.
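The failure mode described above, as an added example that is not Pillow's code or part of the original page: it assumes the temporary file is removed by a shell `rm -f` built from its path. The directory layout, the function names and the `im` variable are constructed for the demonstration, which runs entirely inside a throwaway directory.

```python
import os
import subprocess
import tempfile

def cleanup_unquoted(cwd, path):
    # Weak: $im is unquoted, so the shell splits the path at the space.
    subprocess.run(["sh", "-c", "rm -f $im"], cwd=cwd, env=dict(os.environ, im=path))

def cleanup_quoted(cwd, path):
    # Quoted expansion keeps the whole path as one argument.
    subprocess.run(["sh", "-c", 'rm -f "$im"'], cwd=cwd, env=dict(os.environ, im=path))

def cleanup_no_shell(cwd, path):
    # No shell at all: the path is never re-parsed.
    os.remove(os.path.join(cwd, path))

def survivors(cleanup):
    """Run one cleanup routine in a throwaway directory and report what is left."""
    with tempfile.TemporaryDirectory() as sandbox:
        # Constructed layout: a temp dir named "tmp dir" holding the image, and
        # an unrelated file named "tmp" (the text before the space).
        os.mkdir(os.path.join(sandbox, "tmp dir"))
        image = os.path.join("tmp dir", "img.png")
        for rel in (image, "tmp"):
            with open(os.path.join(sandbox, rel), "w") as f:
                f.write("placeholder")
        cleanup(sandbox, image)
        return {name: os.path.exists(os.path.join(sandbox, rel))
                for name, rel in (("image", image), ("unrelated", "tmp"))}

if __name__ == "__main__":
    for fn in (cleanup_unquoted, cleanup_quoted, cleanup_no_shell):
        print(fn.__name__, survivors(fn))
```

With the unquoted form the temporary image is left behind and the unrelated file is the one removed; the other two forms remove only the image.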

A file named .bashrc could be deleted from the system. An attacker can leverage this issue to delete arbitrary files on the system.

A file named .git could be deleted from the system. An attacker can leverage this issue to delete arbitrary files on the system.

A file named .nginx could be deleted from the system. An attacker can leverage this issue to delete arbitrary files on the system.

A file named .emacs could be deleted from the system. An attacker can leverage this issue to delete arbitrary files on the system.

A file named .bash_log could be deleted from the system. An attacker can leverage this issue to delete arbitrary files on the system.

A file named .mysql could be deleted from the system. An attacker can leverage this issue to delete arbitrary files on the system.

A file named .vim could be deleted from the system. An attacker can leverage this issue to delete arbitrary files on the system.

A file named .log could be deleted from the system. An attacker can leverage this issue to delete arbitrary files on the system.

A file named .git_repository could be deleted from the system. An attacker can leverage this issue to delete arbitrary files on the system.

A file named .gitignore
