High severity · NVD Advisory · Published Mar 9, 2024 · Updated Feb 13, 2025
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
CVE-2024-28184
Description
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if url_fetcher is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| weasyprint (PyPI) | >= 61.0, < 61.2 | 61.2 |
Affected products
- Range: >= 61.0, <= 61.1
References
- github.com/advisories/GHSA-35jj-wx47-4w8r (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-28184 (ghsa, ADVISORY)
- github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598 (ghsa, x_refsource_MISC, WEB)
- github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r (ghsa, x_refsource_CONFIRM, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLQZMOEDY72TS43HDXOBVID2VYCTWIH6 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLQZMOEDY72TS43HDXOBVID2VYCTWIH6/ (mitre)