Critical severity · NVD Advisory · Published Oct 16, 2019 · Updated Aug 5, 2024

CVE-2019-17626

Description

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
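The following is an added example, not ReportLab's code or its actual patch: one way to parse an untrusted colour attribute without ever passing it to `eval()`. The names `parse_color`, `is_valid_color`, `NAMED`, `HEX_RE`, `MAX_LEN` and `ColorError` are hypothetical, and the accepted syntaxes (a name, `#rrggbb`, a three-number tuple) are assumptions for the sketch.

```python
import ast
import re

# Hypothetical name table for this sketch; a real library ships its own.
NAMED = {"black": (0.0, 0.0, 0.0), "red": (1.0, 0.0, 0.0), "blue": (0.0, 0.0, 1.0)}
HEX_RE = re.compile(r"#([0-9a-fA-F]{6})")
MAX_LEN = 64  # assumed cap; bounds parser work on hostile input


class ColorError(ValueError):
    """Raised when an attribute value is not a recognised colour."""


def parse_color(arg):
    """Turn an untrusted colour attribute into an (r, g, b) tuple of floats in 0..1."""
    if not isinstance(arg, str) or len(arg) > MAX_LEN:
        raise ColorError("colour must be a short string")
    text = arg.strip()
    if text.lower() in NAMED:
        return NAMED[text.lower()]
    match = HEX_RE.fullmatch(text)
    if match:
        digits = match.group(1)
        return tuple(int(digits[i:i + 2], 16) / 255 for i in (0, 2, 4))
    # literal_eval builds only literals (numbers, tuples, ...); names, calls and
    # attribute access raise instead of running, unlike eval().
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        raise ColorError("not a colour literal") from None
    if (isinstance(value, (tuple, list)) and len(value) == 3
            and all(type(c) in (int, float) and 0 <= c <= 1 for c in value)):
        return tuple(float(c) for c in value)
    raise ColorError("unsupported colour value")


def is_valid_color(arg):
    """Boolean wrapper for validating input before it reaches the renderer."""
    try:
        parse_color(arg)
    except ColorError:
        return False
    return True
```

Anything that is not a known name, a hex triplet or a plain numeric tuple is rejected, so an expression placed in a `color` attribute is treated as invalid data and never evaluated.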

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
reportlab (PyPI) | < 3.5.28 | 3.5.28

Affected products

6

References

25
