CVE-2019-19450
- EPSS 6.4%
- Published 20.09.2023 14:15:12
- Last modified 21.11.2024 04:34:45
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a simila...
CVE-2023-33733
- EPSS 27.11%
- Published 05.06.2023 16:15:09
- Last modified 08.01.2025 19:15:30
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
CVE-2020-28463
- EPSS 0.67%
- Published 18.02.2021 16:15:12
- Last modified 21.11.2024 05:22:51
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and inst...
CVE-2019-17626
- EPSS 16.84%
- Published 16.10.2019 12:15:12
- Last modified 21.11.2024 04:32:39
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.