Duarte Santos

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 10.2.0 **Description** The issue is related to the incorrect management of code generation in the `eval()` function of the ImageMath module in the Pillow library when processing the `environment` parameter. This can allow a remote attacker to execute arbitrary code. The vulnerability is different from previous issues and can expose Python projects to risk. **Recommendations** For Pillow versions prior to 10.2.0, update to version 10.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the `eval()` function in the ImageMath module until a patch is available. Restrict access to the `environment` parameter in the affected API endpoint to minimize the risk of exploitation.