Search CVE reports
1 – 4 of 4 results
CVE-2019-19450
Medium priorityparaparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary...
1 affected packages
python-reportlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-reportlab | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
CVE-2023-33733
High prioritySome fixes available 7 of 9
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
1 affected packages
python-reportlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-reportlab | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2020-28463
Low priorityAll versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal:...
1 affected packages
python-reportlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-reportlab | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-17626
Medium prioritySome fixes available 3 of 4
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
1 affected packages
python-reportlab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-reportlab | — | — | — | Fixed | Fixed |