CVE-2023-50447

Arbitrary Code Execution in Pillow

Description

Pillow through 10.1.0 allows arbitrary code execution in PIL.ImageMath.eval via the environment parameter. This is a different vulnerability from CVE-2022-22817, which was about the expression parameter.

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Score:
Severity:
Ecosystem: Python
Publish Date: January 19, 2024
Modified Date: February 13, 2025
Score Vector:
Affected Versions: