Pillow up to and including 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python pillow |
||
debian debian linux 10.0 |