Lucene search
GoogleOSV:BIT-PILLOW-2022-22817HistoryMar 06, 2024 - 11:02 a.m.
BIT-pillow-2022-22817
2024-03-0611:02:31
Google
osv.dev
3
pillow
vulnerability
arbitrary expressions
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
References
lists.debian.org/debian-lts-announce/2022/01/msg00018.html
lists.debian.org/debian-lts-announce/2024/03/msg00021.html
pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
security.gentoo.org/glsa/202211-10
www.debian.org/security/2022/dsa-5053
Related
veracode
veracode
Information Dislcosure
2022-01-11 08:52:21
cvelist
cvelist
CVE-2022-22817
2022-01-07 00:00:00
CVE-2023-50447
2024-01-19 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : Pillow vulnerability (USN-5227-3)
2022-10-25 00:00:00
Oracle Linux 7 : python-pillow (ELSA-2022-0609)
2022-02-23 00:00:00
redhatcve
redhatcve
CVE-2022-22817
2022-01-19 16:52:40
alpinelinux
alpinelinux
CVE-2022-22817
2022-01-10 14:12:00
CVE-2023-50447
2024-01-19 20:15:11
osv
osv
CVE-2022-22817
2022-01-10 14:12:55
PYSEC-2022-10
2022-01-10 14:12:00
Arbitrary expression injection in Pillow
2022-01-12 20:07:33
cnvd
cnvd
Pillow input validation error vulnerability
2022-01-14 00:00:00
github
github
Arbitrary expression injection in Pillow
2022-01-12 20:07:33
Arbitrary Code Execution in Pillow
2024-01-19 21:30:35
cve
cve
CVE-2022-22817
2022-01-10 14:12:00
CVE-2023-50447
2024-01-19 20:15:11
prion
prion
Design/Logic Flaw
2022-01-10 14:12:00
Code injection
2024-01-19 20:15:00
ubuntucve
ubuntucve
CVE-2022-22817
2022-01-10 00:00:00
CVE-2023-50447
2024-01-19 00:00:00
debiancve
debiancve
CVE-2022-22817
2022-01-10 14:12:00
CVE-2023-50447
2024-01-19 20:15:11
almalinux
almalinux
Important: python-pillow security update
2022-02-22 17:25:31
redhat
redhat
(RHSA-2022:0667) Important: python-pillow security update
2022-02-24 09:24:19
(RHSA-2022:0669) Important: python-pillow security update
2022-02-24 09:24:23
(RHSA-2022:0665) Important: python-pillow security update
2022-02-24 09:24:17
openvas
openvas
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1577)
2024-05-10 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1617)
2024-05-15 00:00:00
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2024-1600)
2024-05-10 00:00:00
centos
centos
python security update
2022-02-25 15:38:05
oraclelinux
oraclelinux
python-pillow security update
2022-02-23 00:00:00
python-pillow security update
2022-02-23 00:00:00
mageia
mageia
Updated python-pillow packages fix a security vulnerability
2024-01-30 23:57:03
Updated python-pillow packages fix security vulnerability
2022-05-12 13:24:45
f5
f5
K000138866 : Python Pillow vulnerability CVE-2023-50447
2024-03-09 00:00:00
K23413369 : Python-Pillow vulnerabilities CVE-2022-22816, CVE-2022-22817
2022-05-06 00:00:00
amazon
amazon
Important: python-pillow
2024-02-01 19:57:00
Important: python-pillow
2022-04-25 22:58:00
Important: python-pillow
2022-04-25 22:58:00
rocky
rocky
python-pillow security update
2022-02-22 17:25:31
fedora
fedora
[SECURITY] Fedora 34 Update: mingw-python-pillow-8.1.2-5.fc34
2022-02-04 01:23:01
[SECURITY] Fedora 35 Update: python-pillow-8.3.2-2.fc35
2022-02-04 01:23:32
[SECURITY] Fedora 34 Update: python-pillow-8.1.2-6.fc34
2022-02-04 01:23:01
debian
debian
[SECURITY] [DLA 3768-1] pillow security update
2024-03-22 10:06:44
[SECURITY] [DLA 2893-1] pillow security update
2022-01-23 18:58:44
[SECURITY] [DSA 5053-1] pillow security update
2022-01-21 19:26:01
redos
redos
ROS-20220128-02
2022-01-28 00:00:00
ubuntu
ubuntu
Pillow vulnerability
2022-10-24 00:00:00
Pillow vulnerabilities
2022-01-13 00:00:00
Pillow vulnerabilities
2022-01-17 00:00:00
gentoo
gentoo
Pillow: Multiple Vulnerabilities
2022-11-22 00:00:00
