Filtered by vendor Reportlab Subscriptions
Filtered by product Reportlab Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-33733 1 Reportlab 1 Reportlab 2024-11-21 7.8 High
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
CVE-2020-28463 2 Fedoraproject, Reportlab 2 Fedora, Reportlab 2024-11-21 6.5 Medium
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF
CVE-2019-19450 3 Debian, Redhat, Reportlab 7 Debian Linux, Enterprise Linux, Rhel Aus and 4 more 2024-11-21 9.8 Critical
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
CVE-2019-17626 2 Redhat, Reportlab 3 Enterprise Linux, Rhel E4s, Reportlab 2024-11-21 9.8 Critical
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.