keithrozario / Klayers

Python Packages as AWS Lambda Layers

[FEATURE] Update Pillow to 10.2.0 #389

Closed chrismaille closed 8 months ago

chrismaille commented 8 months ago

Is your feature request related to a problem? Please describe.
Please upgrade the Pillow package to 10.2.0 in the Python 3.10 and 3.11 layers.

Additional context
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
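The two checks a practitioner would want after reading the request above, written as an added example (this is not code from Klayers, Pillow or the issue author): a version gate that confirms the Pillow visible to a Lambda runtime is at least 10.2.0, and an allowlist for the keys a caller passes into ImageMath.eval's environment, so that only plain image names reach the evaluator. The minimum version, the identifier pattern and the double-underscore rejection are this example's own policy choices, not a description of Pillow's upstream fix; the version strings in the usage block are constructed inputs.

```python
"""Version gate and environment-key allowlist around PIL.ImageMath.eval.

Added example for the Pillow 10.2.0 layer request; assumptions are marked.
"""
import re
from importlib.metadata import PackageNotFoundError, version

# Assumption of this example: anything older than 10.2.0 is treated as unpatched.
MIN_SAFE_PILLOW = (10, 2, 0)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")
# Assumption of this example: environment keys must look like simple image
# names (leading letter, then letters/digits/underscore) and never contain "__".
_IDENT_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


def parse_version(text):
    """Turn a version string such as '10.1.0' into a comparable (major, minor, patch) tuple."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def pillow_is_patched(version_text, minimum=MIN_SAFE_PILLOW):
    """True when the given Pillow version is at or above the minimum safe release."""
    return parse_version(version_text) >= minimum


def installed_pillow_version():
    """Version of the Pillow distribution on this interpreter's path, or None if absent.

    In a Lambda function this sees the layer's site-packages, so it reports
    what the layer actually ships rather than what the build pinned.
    """
    try:
        return version("Pillow")
    except PackageNotFoundError:
        return None


def is_safe_key(key):
    """True when a key is acceptable as an ImageMath environment name under this example's policy."""
    return isinstance(key, str) and bool(_IDENT_RE.match(key)) and "__" not in key


def safe_environment(environment):
    """Return a copy of environment, raising ValueError on any key that fails the allowlist."""
    checked = {}
    for key, value in environment.items():
        if not is_safe_key(key):
            raise ValueError(f"unsafe ImageMath environment key: {key!r}")
        checked[key] = value
    return checked


def require_patched_pillow():
    """Fail closed at cold start unless a patched Pillow is importable."""
    found = installed_pillow_version()
    if found is None or not pillow_is_patched(found):
        raise RuntimeError(f"Pillow {found!r} is missing or older than {MIN_SAFE_PILLOW}")
    return found


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real layer.
    for sample in ("10.1.0", "10.2.0", "9.5.0"):
        print(sample, "patched" if pillow_is_patched(sample) else "UNPATCHED")
    print(safe_environment({"left": object(), "right_eye": object()}))
    print("installed:", installed_pillow_version())
```

Calling require_patched_pillow() once at module import time makes the function refuse to serve if a layer is ever rolled back; wrap untrusted dictionaries in safe_environment() before they reach ImageMath.eval rather than relying on the library's own key filtering alone.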

keithrozario commented 8 months ago

This should be automatically updated on the 01-Feb. I'll check again once it's built.

keithrozario commented 8 months ago

Already updated. Thanks for bringing this to the attention of the team :)
