vulnerability
Oracle Linux: CVE-2022-22817: ELSA-2022-0609: python-pillow security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 2022-01-02 | 2022-02-23 | 2025-01-07 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
2022-01-02
Added
2022-02-23
Modified
2025-01-07
Description
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command.
A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to externally-influenced input commands that modify the intended command.
Solution(s)
oracle-linux-upgrade-python3-pilloworacle-linux-upgrade-python3-pillow-develoracle-linux-upgrade-python3-pillow-docoracle-linux-upgrade-python3-pillow-tkoracle-linux-upgrade-python-pilloworacle-linux-upgrade-python-pillow-develoracle-linux-upgrade-python-pillow-docoracle-linux-upgrade-python-pillow-qtoracle-linux-upgrade-python-pillow-saneoracle-linux-upgrade-python-pillow-tk
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.