Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
{ "cpes": [ "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*" ], "severity": "Critical" }