Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 10.0 | |
pillow | le | 10.1.0 |