SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

OVAL

ALAS2023-2024-512 --- python-pillow

ID: oval:org.secpod.oval:def:19500599	Date: (C)2024-02-13 (M)2024-04-03
Class: PATCH	Family: unix

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817

Platform:

Amazon Linux 2023

Product:

python-pillow

python3-pillow

Reference:

ALAS2023-2024-512