CVE-2023-50447

Published January 19th, 2024

View on NVD ↗

CVSS v3

8.1

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

python-pillow/Pillow

Python Imaging Library (fork)

GitHub

13.6K