Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-19T00:00:00
Updated: 2024-08-02T22:16:46.654Z
Reserved: 2023-12-10T00:00:00
Link: CVE-2023-50447
Vulnrichment
Updated: 2024-08-02T22:16:46.654Z
NVD
Status : Modified
Published: 2024-01-19T20:15:11.870
Modified: 2024-11-21T08:37:00.967
Link: CVE-2023-50447
Redhat