CVE-2022-22817 - log back

CVE-2022-22817 created at 06 Apr 2022 20:56:33
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method.
References
+ https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
+ https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eva
+ https://nvd.nist.gov/vuln/detail/CVE-2022-22817
Notes