VYPR
Critical severity · NVD Advisory · Published Sep 20, 2023 · Updated Aug 5, 2024

CVE-2019-19450

Description

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
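
The description above comes down to an attribute value being evaluated as an expression instead of parsed as a number. As an added example (not ReportLab's code and not its 3.5.31 fix), the following pre-parse check treats every `unichar` `code` attribute as data and reports any value that is not a plain integer literal. The function names, the accepted literal formats (decimal or `0x` hex) and the sample strings are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: a legitimate code value is a decimal or 0x-prefixed hex literal.
_INT_LITERAL = re.compile(r"(?:0[xX][0-9A-Fa-f]{1,6}|[0-9]{1,7})\Z")
MAX_CODEPOINT = 0x10FFFF


def parse_codepoint(value):
    """Return the code point for a code attribute, or raise ValueError."""
    text = (value or "").strip()
    if not _INT_LITERAL.match(text):
        raise ValueError("code is not a plain integer literal: %r" % value)
    cp = int(text, 16) if text[:2].lower() == "0x" else int(text, 10)
    if cp > MAX_CODEPOINT or 0xD800 <= cp <= 0xDFFF:
        raise ValueError("code point out of range: %r" % value)
    return cp


class _UnicharAudit(HTMLParser):
    """Collects every unichar code attribute that fails strict parsing."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "unichar":
            return
        for name, value in attrs:
            if name == "code":
                try:
                    parse_codepoint(value)  # int() parsing only, never eval()
                except ValueError as exc:
                    self.findings.append((self.getpos(), str(exc)))


def audit_markup(markup):
    """Return [(position, reason), ...] for markup that should be rejected."""
    audit = _UnicharAudit()
    audit.feed(markup)
    audit.close()
    return audit.findings


# Constructed sample inputs (not taken from the advisory).
SAFE = 'Price: 10 <unichar code="0x20AC"/> or <unichar code="8364"/>'
SUSPECT = 'Hello <unichar code="1+1"/> world'
```

Running `audit_markup` on untrusted paragraph markup before it reaches the renderer gives a reject-or-log decision point; upgrading to the patched version remains the actual remediation.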

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| reportlab (PyPI) | < 3.5.31 | 3.5.31 |
