Security update advisory for python pillow package (CVE-2023-50447, CVE-2022-22817)

Overview

An update has been made available to address vulnerabilities in the Python Pillow package. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2023-50447

  • Python Pillow package version 10.1.0 or earlier

CVE-2022-22817

  • Python Pillow package versions prior to 9.0.0

Resolved Vulnerabilities

Arbitrary code execution in PIL.ImageMath.eval via the environment parameter (CVE-2023-50447)

Arbitrary expression evaluation in PIL.ImageMath.eval, for example by calling the Python exec built-in (CVE-2022-22817)

Vulnerability Patches

Patches are available in the latest updates. Follow the instructions on the Referenced Sites to update to a patched version.

CVE-2023-50447

  • Python Pillow package version 10.2.0

CVE-2022-22817

  • Python Pillow package version 9.0.0
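
The two version ranges above can be turned into an inventory check. The following is an added example, not code from the advisory or from the Pillow project: it parses an installed Pillow version string and reports which of the two advisory CVEs still apply, treating pre-release builds (for example 10.2.0a1) as older than the fixed release. The `installed_pillow_version` helper and the `FIXED_IN` table are this example's own constructs; the fixed versions come from the advisory.

```python
import re
from typing import Dict, List, Tuple

# (major, minor, patch, is_final): is_final is 1 for a release and 0 for a
# pre-release, so 10.2.0a1 sorts before 10.2.0.
Version = Tuple[int, int, int, int]

# First fixed release per CVE, as stated in this advisory.
FIXED_IN: Dict[str, Version] = {
    "CVE-2023-50447": (10, 2, 0, 1),   # 10.1.0 or earlier affected
    "CVE-2022-22817": (9, 0, 0, 1),    # prior to 9.0.0 affected
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH][suffix]'; any suffix marks a pre-release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Pillow version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    is_final = 1 if suffix == "" else 0  # 'a1', 'b2', 'rc1', '.dev0' -> pre-release
    return (int(major), int(minor), int(patch or 0), is_final)


def affected_cves(version_text: str) -> List[str]:
    """Return the advisory CVEs that still apply to the given Pillow version."""
    installed = parse_version(version_text)
    return [cve for cve, fixed in FIXED_IN.items() if installed < fixed]


def installed_pillow_version() -> str:
    """Hypothetical helper: read the installed Pillow version from package metadata."""
    from importlib.metadata import version
    return version("Pillow")


if __name__ == "__main__":
    v = installed_pillow_version()
    hits = affected_cves(v)
    print(f"Pillow {v}: " + (", ".join(hits) if hits else "not affected by this advisory"))
```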

Referenced Sites

[1] CVE-2023-50447 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-50447
[2] Arbitrary Code Execution in Pillow
https://duartecsantos.github.io/2023-01-02-CVE-2023-50447/
[3] CVE-2022-22817 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-22817#range-10126667
[4] Pillow 9.0.0 release notes: Restrict builtins available to ImageMath.eval
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval