CVE-2022-22817

Improper Control of Generation of Code ('Code Injection') in pypi/Pillow

Identifiers

CVE-2022-22817

Package Slug

pypi/Pillow

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

PIL.ImageMath.eval in Pillow allows evaluation of arbitrary expressions, such as ones that use the Python exec method.

Affected Versions

All versions before 9.0.1

Solution

Upgrade to version 9.0.1 or above.
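
An added example, not part of the advisory or of Pillow's own code: a Python audit helper that compares a version string with the fixed release 9.0.1 and lists PIL.ImageMath.eval call sites whose expression argument is not a string literal. The names is_affected, find_dynamic_eval_calls and SAMPLE are assumptions made for illustration, and the sample source is constructed.

```python
import ast
import re

FIXED = (9, 0, 1)  # first fixed Pillow release named in the advisory

def is_affected(version):
    """True when a Pillow version string is older than 9.0.1."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g or 0) for g in m.groups()) < FIXED

def find_dynamic_eval_calls(source):
    """Line numbers of ImageMath.eval calls whose expression is not a string literal."""
    # Review heuristic: a non-literal expression is where outside input could
    # reach the evaluator. `from PIL.ImageMath import eval` is not covered.
    tree = ast.parse(source)
    names = {"ImageMath"}  # plus any `from PIL import ImageMath as X` aliases
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module == "PIL":
            names.update(a.asname for a in node.names
                         if a.name == "ImageMath" and a.asname)
    hits = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        base = node.func.value
        base_name = base.id if isinstance(base, ast.Name) else getattr(base, "attr", None)
        if node.func.attr != "eval" or base_name not in names:
            continue
        expr = node.args[0] if node.args else next(
            (k.value for k in node.keywords if k.arg == "expression"), None)
        if not (isinstance(expr, ast.Constant) and isinstance(expr.value, str)):
            hits.append(node.lineno)
    return sorted(hits)

# Constructed sample source, not taken from any real project.
SAMPLE = '''from PIL import ImageMath as IM
import PIL.ImageMath
def fixed(a, b):
    return IM.eval("convert(min(a, b), 'L')", a=a, b=b)
def from_request(a, formula):
    return IM.eval(formula, a=a)
def formatted(a, op):
    return PIL.ImageMath.eval(f"a {op} 1", a=a)
'''
```

Running find_dynamic_eval_calls over each file of a code base gives the call sites to review first; the installed version can be read with importlib.metadata.version("Pillow") and passed to is_affected.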

Last Modified

2022-01-21
