Pillow version in use by this plugin is reported as vulnerable to CVE-2022-22817
https://nvd.nist.gov/vuln/detail/CVE-2022-22817
- Is there any plan to move to pillow version 9?
- Is there any risk to users of this plugin from this component vulnerability?
I work in a corporate environment where component security is fairly locked down. It would be more straightforward to install this with a vulnerability free component composition.
Pillow version in use by this plugin is reported as vulnerable to CVE-2022-22817
https://nvd.nist.gov/vuln/detail/CVE-2022-22817
I work in a corporate environment where component security is fairly locked down. It would be more straightforward to install this with a vulnerability free component composition.