46 matches found
ReportLab vulnerable to remote code execution via paraparser
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
Remote code execution
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
CVE-2019-19450
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
SUSE CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...
bookscrape (>=0.0.1.dev1 <=0.0.2b7), codeforlife-portal (>=1.1.1 <=2.28.1) +53 more potentially affected by CVE-2019-17626 via reportlab (>=3.1.44 <=3.5.26)
reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =2.7.0, =2.3.0.18073018, =2.3.0.18070609, =2.3.0.18070422, =0.1.0, =0.733.0, =0.736.0 and more Source cves: CVE-2019-17626 Source advisory: OSV:GHSA-QPG2-VX7J-3869...
Huawei EulerOS: Security Advisory for python-reportlab (EulerOS-SA-2021-1354)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP2 : python-reportlab (EulerOS-SA-2021-1354)
According to the version of the python-reportlab package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document wi...
Debian DSA-4663-1 : python-reportlab - security update
It was discovered that python-reportlab, a Python library to create PDF documents, is prone to a code injection vulnerability while parsing a color attribute. An attacker can take advantage of this flaw to execute arbitrary code if a specially crafted document is processed. (C) Tenable Network...
[SECURITY] [DSA 4663-1] python-reportlab security update
Debian Security Advisory DSA-4663-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2020 https://www.debian.org/security/faq ...
Huawei EulerOS: Security Advisory for python-reportlab (EulerOS-SA-2020-1428)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP3 : python-reportlab (EulerOS-SA-2020-1428)
According to the version of the python-reportlab package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document wi...
NewStart CGSL MAIN 4.05 : python-reportlab Vulnerability (NS-SA-2020-0021)
The remote NewStart CGSL host, running version MAIN 4.05, has python-reportlab packages installed that are affected by a vulnerability: - ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with ' %NASLMINLEVEL...
EulerOS 2.0 SP5 : python-reportlab (EulerOS-SA-2020-1129)
According to the version of the python-reportlab package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python PDF generation library. Security Fixes: ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py,...
Amazon Linux 2 : python-reportlab (ALAS-2020-1390)
The version of python-reportlab installed on the remote host is prior to 2.5-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1390 advisory. ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted X...
Ubuntu: Security Advisory (USN-4273-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE-SU-2020:0324-1 Security update for python-reportlab
This update for python-reportlab fixes the following issues: - CVE-2019-17626: Fixed a potential remote code execution because of the lack of input sanitization in toColor (bsc#1154370)...
openSUSE Security Update : python-reportlab (openSUSE-2020-160)
This update for python-reportlab fixes the following issues : - CVE-2019-17626: Fixed a potential remote code execution because of the lack of input sanitization in toColor (bsc#1154370). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The...
Important: python-reportlab
Issue Overview: ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. CVE-2019-17626 Affected Packages: python-reportlab Note: This advisory is applicable to...
openSUSE: Security Advisory for python-reportlab (openSUSE-SU-2020:0160-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for python-reportlab (important)
openSUSE Security Update: Security update for python-reportlab Announcement ID: openSUSE-SU-2020:0160-1 Rating: important References: 1154370 Cross-References: CVE-2019-17626 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update fo...