279 matches found
UBUNTU-CVE-2020-28463
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...
PYSEC-2021-146
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...
CVE-2020-28463
CVE-2020-28463 affects the Python ReportLab library and describes a Server-Side Request Forgery (SSRF) via img tags. The connected documents confirm the vulnerability, its SSRF nature via image tags, and mitigation guidance to reduce risk by using trustedSchemes and trustedHosts (as documented by...
CVE-2020-28463 Server-side Request Forgery (SSRF)
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...
CVE-2020-28463
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...
ReportLab Code Issue Vulnerability
ReportLab is a Danish ReportLab company for the creation of data-driven PDF documents and custom vector graphics open source engine. A security vulnerability exists in Reportlab. The vulnerability stems from a server-side request forgery vulnerability that can be triggered by img tags. Currently...
CentOS 8 : python-reportlab (CESA-2020:0201)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2020:0201 advisory. - python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626) Note that Nessus has not tested for this issue but has instead...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python-reportlab Vulnerability (NS-SA-2020-0109)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-reportlab packages installed that are affected by a vulnerability: - ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with ' C...
Server-side Request Forgery (SSRF)
Overview: reportlab is a Python library for generating PDFs and graphics. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts see in Reportlab's documentation, introduced in version 3.5.55...
angleview (=0.0.0.dev1), bacant (=3.4.0) +61 more potentially affected by CVE-2020-28463 via reportlab (>=3.1.44 <=3.5.53)
reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =1.0.0, =2.0.1.16012810, =2.0.1.16012810, =2.0.1.16012810, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =1.3.0 - invenio-testing =0.1.1 and more Source cves: CVE-2020-28463 Source advisory: SNYK:PYTHON-REPORTLAB-1022145...
PT-2020-6960 · Reportlab +2 · Reportlab +2
Name of the Vulnerable Software and Affected Versions: reportlab versions prior to the version with the fix. Description: The issue is related to Server-side Request Forgery (SSRF) via img tags. It allows a remote attacker to access confidential data due to insufficient request validation. To reduce...
ReportLab: Arbitrary code execution
Background ReportLab is an Open Source Python library for generating PDFs and graphics. Description ReportLab was found to be mishandling XML documents and may evaluate the contents without checking for their safety. Impact A remote attacker could possibly execute arbitrary code with the privileg...
GLSA-202007-35 : ReportLab: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202007-35 ReportLab: Arbitrary code execution ReportLab was found to be mishandling XML documents and may evaluate the contents without checking for their safety. Impact : A remote attacker could possibly execute arbitrary code wi...
python-reportlab bug fix and enhancement update
An update is available for python-reportlab. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
python-reportlab bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALBA-2020:1741 python-reportlab bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Debian DSA-4663-1 : python-reportlab - security update
It was discovered that python-reportlab, a Python library to create PDF documents, is prone to a code injection vulnerability while parsing a color attribute. An attacker can take advantage of this flaw to execute arbitrary code if a specially crafted document is processed. C Tenable Network...
Debian: Security Advisory (DSA-4663-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4663-1] python-reportlab security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4663-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4663-1] python-reportlab security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4663-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2020 https://www.debian.org/security/faq -...