Bump pillow 12.1.1 -> 12.2.0 to patch CVE-2026-40192

GHSA-whj4-6x5x-4v2j: FITS GZIP decompression bomb in Pillow < 12.2.0.
Pillow 10.3.0-12.1.1 did not bound GZIP-compressed reads when decoding
FITS images, enabling a memory-exhaustion DoS via a crafted FITS file.
Fixed upstream in 12.2.0.
Saurav Panda
2026-04-20 18:39:05 -07:00
parent d1690e510a
commit e7b0caac9f


@@ -41,7 +41,7 @@ dependencies = [
"reportlab==4.4.9",
"cdp-use==1.4.5",
"pyotp==2.9.0",
"pillow==12.1.1",
"pillow==12.2.0",
"cloudpickle==3.1.2",
"markdownify==1.2.2",
"python-docx==1.2.0",