paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with...
9.8CVSS
9.6AI Score
0.006EPSS
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF...
7.8CVSS
7.6AI Score
0.001EPSS
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to...
6.5CVSS
6.5AI Score
0.002EPSS
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with...
9.8CVSS
9.6AI Score
0.051EPSS