vulnerability
Oracle Linux: CVE-2022-22817: ELSA-2022-0609: python-pillow security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jan 2, 2022 | Feb 23, 2022 | Dec 3, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 2, 2022
Added
Feb 23, 2022
Modified
Dec 3, 2025
Description
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command.
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command.
Solutions
oracle-linux-upgrade-python3-pilloworacle-linux-upgrade-python3-pillow-develoracle-linux-upgrade-python3-pillow-docoracle-linux-upgrade-python3-pillow-tkoracle-linux-upgrade-python-pilloworacle-linux-upgrade-python-pillow-develoracle-linux-upgrade-python-pillow-docoracle-linux-upgrade-python-pillow-qtoracle-linux-upgrade-python-pillow-saneoracle-linux-upgrade-python-pillow-tk
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.