Filtered by vendor Reportlab
Subscriptions
Filtered by product Reportlab
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28463 | 2 Fedoraproject, Reportlab | 2 Fedora, Reportlab | 2024-09-17 | 6.5 Medium |
| All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF | ||||
| CVE-2019-19450 | 3 Debian, Redhat, Reportlab | 7 Debian Linux, Enterprise Linux, Rhel Aus and 4 more | 2024-08-05 | 9.8 Critical |
| paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. | ||||
| CVE-2019-17626 | 2 Redhat, Reportlab | 3 Enterprise Linux, Rhel E4s, Reportlab | 2024-08-05 | 9.8 Critical |
| ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. | ||||
| CVE-2023-33733 | 1 Reportlab | 1 Reportlab | 2024-08-02 | 7.8 High |
| Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. | ||||
Page 1 of 1.