{"id":"MGASA-2024-0018","summary":"Updated python-pillow packages fix a security vulnerability","details":"This update fixes the following security issue:\nPillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution\nvia the environment parameter. This is a different vulnerability than\nCVE-2022-22817 (which was about the expression parameter).\n","modified":"2026-04-16T04:44:41.481374182Z","published":"2024-01-30T20:57:03Z","upstream":["CVE-2023-50447"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0018.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32756"}],"affected":[{"package":{"name":"python-pillow","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/python-pillow?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.2.0-3.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0018.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}