VYPR

rpm package

suse/python-reportlab&distro=SUSE Linux Enterprise Workstation Extension 12 SP5

pkg:rpm/suse/python-reportlab&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Vulnerabilities (4)

  • CVE-2019-19450Sep 20, 2023
    affected < 2.7-3.16.1fixed 2.7-3.16.1

    paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.

  • CVE-2023-33733Jun 5, 2023
    affected < 2.7-3.13.1fixed 2.7-3.13.1

    Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

  • CVE-2020-28463Feb 18, 2021
    affected < 2.7-3.8.1fixed 2.7-3.8.1

    All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of repo

  • CVE-2019-17626Oct 16, 2019
    affected < 2.7-3.3.1fixed 2.7-3.3.1

    ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.