ROS-20240524-02

Date: May 24, 2024 - 12:00 a.m.
Source: redos.red-soft.ru
Tags: reportlab, vulnerability, code execution, remote attacker, xml document, security restrictions

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2 High (Confidence: Low)
EPSS: 0.006 Low (Percentile: 78.9%)

A vulnerability in the rl_safe_eval() function of the ReportLab library is related to improper control of code generation.
Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions and execute arbitrary code.

A vulnerability in the start_unichar function (paraparser.py) of the ReportLab library is related to an error in processing an
XML document. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

OS     Version  Architecture  Package            Version      Filename
redos  7.3      x86_64        python3-reportlab  <= 3.6.12-1  UNKNOWN
