GHSA-3f63-hfp8-52jq

Опубликовано: 19 янв. 2024

Источник: github

Github: Прошло ревью

CVSS4: 9.3

CVSS3: 8.1

Описание

Arbitrary Code Execution in Pillow

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

Ссылки

Пакеты

Наименование

Pillow

pip

Затронутые версииВерсия исправления

< 10.2.0

10.2.0

EPSS

Процентиль: 67%

0.00554

Низкий

9.3 Critical

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2023-50447

Дефекты

CWE-94

CWE-95

Связанные уязвимости

CVE-2023-50447

CVSS3: 8.1

ubuntu

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

redhat

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

nvd

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

debian

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...

openSUSE-SU-2024:0125-1

suse-cvrf

около 1 года назад

Security update for python-Pillow

EPSS

Процентиль: 67%

0.00554

Низкий

9.3 Critical

CVSS4

8.1 High

CVSS3

CVE ID

CVE-2023-50447

Дефекты

CWE-94

CWE-95