rpm package
opensuse/python-reportlab&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/python-reportlab&distro=openSUSE%20Leap%2015.4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19450 | — | < 3.4.0-150000.3.12.1 | 3.4.0-150000.3.12.1 | Sep 20, 2023 | paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. | ||
| CVE-2023-33733 | — | < 3.4.0-150000.3.9.1 | 3.4.0-150000.3.9.1 | Jun 5, 2023 | Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. |
- CVE-2019-19450Sep 20, 2023affected < 3.4.0-150000.3.12.1fixed 3.4.0-150000.3.12.1
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
- CVE-2023-33733Jun 5, 2023affected < 3.4.0-150000.3.9.1fixed 3.4.0-150000.3.9.1
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.