Lucene search

K
vulnrichmentMitreVULNRICHMENT:CVE-2022-22817
HistoryJan 07, 2022 - 12:00 a.m.

CVE-2022-22817

2022-01-0700:00:00
mitre
github.com
10
pillow
arbitrary expressions
python exec

AI Score

7

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.