CVE-2022-22817
pypi/Pillow
Improper Control of Generation of Code ('Code Injection')
PIL.ImageMath.eval
in Pillow allows evaluation of arbitrary expressions, such as ones that use the Python exec
method.
All versions before 9.0.1
Upgrade to version 9.0.1 or above.
2022-01-21
source |