CVE-2022-22817 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Unknown
Remote	Unknown
Type	Unknown
Description	PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.

References
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eva https://nvd.nist.gov/vuln/detail/CVE-2022-22817

References

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eva
https://nvd.nist.gov/vuln/detail/CVE-2022-22817