GMS-2023-3137: Bundled libwebp in Pillow vulnerable
Pillow versions before v10.0.1 bundled libwebp binaries in wheels that is vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.
References
Detect and mitigate GMS-2023-3137 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →