
279 matches found

Github Security Blog
added 2022/05/24 10:00 p.m. | 29 views

XML Injection in ReportLab

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS 9.8 | AI score 3.6 | EPSS 0.16839
Exploits: 1 | References: 22 | Affected software: 1

OSV
added 2022/05/24 10:00 p.m. | 23 views

GHSA-QPG2-VX7J-3869 XML Injection in ReportLab

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS 9.8 | AI score 9.8 | EPSS 0.16839
Exploits: 1 | References: 23

OpenVAS
added 2022/01/28 12:00 a.m. | 16 views

Mageia: Security Advisory (MGASA-2021-0521)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.8 | EPSS 0.0116
Exploits: 1 | References: 4

OpenVAS
added 2022/01/28 12:00 a.m. | 16 views

Mageia: Security Advisory (MGASA-2020-0059)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.8 | EPSS 0.16839
Exploits: 1 | References: 4

OSV
added 2021/11/25 1:06 p.m. | 1 view

MGASA-2021-0521 Updated python-reportlab packages fix security vulnerability

Server-side Request Forgery (SSRF)...

CVSS 6.5 | AI score 6.7 | EPSS 0.0116
Exploits: 1 | References: 3

Mageia
added 2021/11/25 1:06 p.m. | 69 views

Updated python-reportlab packages fix security vulnerability

Server-side Request Forgery (SSRF)...

CVSS 6.5 | AI score 3 | EPSS 0.0116
Exploits: 1 | References: 2

OpenVAS
added 2021/10/30 12:00 a.m. | 17 views

Fedora: Security Advisory for python-reportlab (FEDORA-2021-13cdc0ab0e)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 6.9 | EPSS 0.0116
Exploits: 1 | References: 2

OpenVAS
added 2021/10/30 12:00 a.m. | 17 views

Fedora: Security Advisory for python-reportlab (FEDORA-2021-04bfae8300)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 6.9 | EPSS 0.0116
Exploits: 1 | References: 2

Fedora
added 2021/10/29 11:27 p.m. | 23 views

[SECURITY] Fedora 35 Update: python-reportlab-3.6.2-1.fc35

This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...

CVSS 6.5 | AI score 2 | EPSS 0.0116
Exploits: 1

Fedora
added 2021/10/24 11:03 p.m. | 34 views

[SECURITY] Fedora 34 Update: python-reportlab-3.6.2-1.fc34

This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...

CVSS 6.5 | AI score 2 | EPSS 0.0116
Exploits: 1

Tenable Nessus
added 2021/09/24 12:00 a.m. | 34 views

SUSE SLED12 / SLES12 Security Update : python-reportlab (SUSE-SU-2021:3209-1)

The remote SUSE Linux SLED12 / SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:3209-1 advisory. - All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedScheme...

CVSS 6.5 | AI score 6.6 | EPSS 0.0116
Exploits: 1 | References: 5

OSV
added 2021/09/23 2:20 p.m. | 2 views

SUSE-SU-2021:3209-1 Security update for python-reportlab

This update for python-reportlab fixes the following issues: - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503). - Add missing import in CVE-2020-28463 fix (bsc#1190110)...

CVSS 6.5 | AI score 6.8 | EPSS 0.0116
Exploits: 1 | References: 4

0day.today
added 2021/08/31 12:00 a.m. | 255 views

BSCW Server XML Injection Vulnerability

BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an XML tag injection vulnerability. ======================================================================= title: XML Tag injection product: BSCW Server vulnerable version:...

CVSS 8.8 | EPSS 0.04884
Exploits: 3

Packet Storm
added 2021/08/31 12:00 a.m. | 273 views

BSCW Server XML Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML Tag injection product: BSCW Server vulnerable version: BSCW Server...

AI score 0.1 | EPSS 0.04884
Exploits: 3

Prion
added 2021/08/30 5:15 a.m. | 9 views

Remote code execution

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

CVSS 6.5 | AI score 8.9 | EPSS 0.04884
Exploits: 3 | References: 3 | Affected software: 1

Cvelist
added 2021/08/30 4:42 a.m. | 14 views

CVE-2021-36359

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

AI score 9.2 | EPSS 0.04884
Exploits: 3 | References: 3

Tenable Nessus
added 2021/08/14 12:00 a.m. | 32 views

openSUSE 15 Security Update : python-reportlab (openSUSE-SU-2021:1147-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1147-1 advisory. - All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes &...

CVSS 6.5 | AI score 6.6 | EPSS 0.0116
Exploits: 1 | References: 4

OSV
added 2021/08/13 4:05 a.m. | 2 views

OPENSUSE-SU-2021:1147-1 Security update for python-reportlab

This update for python-reportlab fixes the following issues: - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503). This update was imported from the SUSE:SLE-15:Update update project...

CVSS 6.5 | AI score 6.5 | EPSS 0.0116
Exploits: 1 | References: 3

OpenVAS
added 2021/08/13 12:00 a.m. | 14 views

openSUSE: Security Advisory for python-reportlab (openSUSE-SU-2021:1147-1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 6.8 | EPSS 0.0116
Exploits: 1 | References: 2

OPENSUSE Linux
added 2021/08/13 12:00 a.m. | 68 views

Security update for python-reportlab (moderate)

openSUSE Security Update: Security update for python-reportlab Announcement ID: openSUSE-SU-2021:1147-1 Rating: moderate References: 1182503 Cross-References: CVE-2020-28463 CVSS scores: CVE-2020-28463 NVD : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-28463 SUSE: 5...

CVSS 5 | AI score 6.7 | EPSS 0.0116
Exploits: 1 | References: 1