CVE-2023-44464

EUVD-2023-2480
pretix before 2023.7.2 allows Pillow to parse EPS files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
ramipretix
𝑥
< 4.20.4
ramipretix
2023.6.0 ≤
𝑥
< 2023.6.3
ramipretix
2023.7.0 ≤
𝑥
< 2023.7.2
𝑥
= Vulnerable software versions
References
https://github.com/pretix/pretix/commit/8583bfb7d97263e9e923ad5d7f123ca1cadc8f2e
https://github.com/pretix/pretix/compare/v2023.7.1...v2023.7.2
https://github.com/pretix/pretix/tags
https://pretix.eu/about/de/blog/20230912-release-2023-7-2/
https://pretix.eu/about/en/ticketing
https://github.com/pretix/pretix/commit/8583bfb7d97263e9e923ad5d7f123ca1cadc8f2e
https://github.com/pretix/pretix/compare/v2023.7.1...v2023.7.2
https://github.com/pretix/pretix/tags
https://pretix.eu/about/de/blog/20230912-release-2023-7-2/
https://pretix.eu/about/en/ticketing