CVE-2022-22817

Published: Jan 7, 2022

Modified: Oct 15, 2024

PUBLISHED

Description

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval

[debian-lts-announce] 20220123 [SECURITY] [DLA 2893-1] pillow security update

mailing-list

DSA-5053

vendor-advisory

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security

GLSA-202211-10

vendor-advisory

[debian-lts-announce] 20240322 [SECURITY] [DLA 3768-1] pillow security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-22817

Description

Affected Products

References