CVE-2023-50447

Опубликовано: 19 янв. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 8.1

Описание

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	released	10.2.0-1
esm-infra-legacy/trusty	needs-triage
esm-infra/bionic	needs-triage
esm-infra/focal	not-affected	7.0.0-4ubuntu0.8
esm-infra/xenial	needs-triage
focal	released	7.0.0-4ubuntu0.8
jammy	released	9.0.1-1ubuntu0.2
lunar	ignored	end of life, was needed
mantic	released	10.0.0-1ubuntu0.1

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-apps/focal	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	DNE
lunar	DNE
mantic	DNE
noble	DNE
oracular	DNE
plucky	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 67%

0.00554

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2023-50447

CVSS3: 8.1

redhat

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

nvd

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVE-2023-50447

CVSS3: 8.1

debian

больше 1 года назад

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Executi ...

openSUSE-SU-2024:0125-1

suse-cvrf

около 1 года назад

Security update for python-Pillow

SUSE-SU-2024:0205-1

suse-cvrf

больше 1 года назад

Security update for python-Pillow

EPSS

Процентиль: 67%

0.00554

Низкий

8.1 High

CVSS3

CVE-2023-50447

Описание

Пакет pillow

Пакет pillow-python2

Ссылки на источники

Связанные уязвимости