Description
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
References
- Mailing List, Third Party Advisory
- Third Party Advisory
- Release Notes
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
- Third Party Advisory
- Release Notes
- Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 10.1.0
cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
EPSS: 0.00554 (Low), percentile: 67%
CVSS3: 8.1 High
Weaknesses
CWE-94
CWE-95
Related vulnerabilities
CVSS3: 8.1
ubuntu
more than 1 year ago
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
CVSS3: 8.1
redhat
more than 1 year ago
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
CVSS3: 8.1
debian
more than 1 year ago
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...