CVE-2023-50447 Information

Description

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

Reference

https://github.com/python-pillow/Pillow/releases
https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
https://devhub.checkmarx.com/cve-details/CVE-2023-50447/