Mirror of https://github.com/0xMarcio/cve.git, synced 2025-05-06 02:31:38 +00:00
CVE-2023-50447
Description
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
POC
Reference
- https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
- https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/
Github
No PoCs found on GitHub currently.