CVE-2014-1933: Temporary file name leakage
In JpegImagePlugin.py, the load_jpeg(self) method generates a temporary file name and passes it to an external process on the command line. Because command-line arguments are not kept secret, the target file can be altered before it is read.
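The pattern described above next to a hardened variant, as an added example rather than the plugin's own code or its fix. HELPER is a constructed stand-in for the external decoder, and convert_leaky, convert_piped and exposed_paths are hypothetical names.

```python
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for an external decoder: upper-cases its input and
# writes to PATH when given "-outfile PATH", otherwise to stdout.
HELPER = r"""
import sys
args = sys.argv[1:]
out = None
if args[0] == "-outfile":
    out, args = args[1], args[2:]
data = open(args[0], "rb").read().upper()
if out:
    open(out, "wb").write(data)
else:
    sys.stdout.buffer.write(data)
"""

def convert_leaky(src):
    """Pattern from the advisory: temp name chosen first, then put in argv."""
    path = tempfile.mktemp()  # only a name; nothing is created or reserved
    argv = [sys.executable, "-c", HELPER, "-outfile", path, src]
    subprocess.check_call(argv)  # path is readable from the process list
    try:
        with open(path, "rb") as fh:  # trusts whatever is at path by now
            return fh.read(), argv
    finally:
        os.unlink(path)

def convert_piped(src):
    """Hardened: output returns over a pipe, so no temp file name exists."""
    argv = [sys.executable, "-c", HELPER, src]
    done = subprocess.run(argv, check=True, stdout=subprocess.PIPE)
    return done.stdout, argv

def exposed_paths(argv, src):
    """Absolute paths in argv other than the input: candidates for review."""
    return [a for a in argv[1:] if a != src and os.path.isabs(a)]

def demo():
    with tempfile.TemporaryDirectory() as private:  # directory created 0700
        src = os.path.join(private, "sample.txt")  # constructed sample input
        with open(src, "wb") as fh:
            fh.write(b"constructed sample\n")
        leaky, piped = convert_leaky(src), convert_piped(src)
    return (leaky[0], piped[0],
            exposed_paths(leaky[1], src), exposed_paths(piped[1], src))
```

Both variants return the same bytes; only the first places a temporary path in the child's argument list.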