OPENSUSE-SU-2024:11265-1 python36-reportlab-3.5.59-2.6 on GA media

These are all security issues fixed in the python36-reportlab-3.5.59-2.6 package on the GA media of openSUSE Tumbleweed...

CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery SSRF via img tags. In order to reduce risk, use trustedSchemes & trustedHosts see in Reportlab's documentation Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

Server side request forgery (ssrf)

All versions of package reportlab are vulnerable to Server-side Request Forgery SSRF via img tags. In order to reduce risk, use trustedSchemes & trustedHosts see in Reportlab's documentation Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVE-2020-28463 Server-side Request Forgery (SSRF)

All versions of package reportlab are vulnerable to Server-side Request Forgery SSRF via img tags. In order to reduce risk, use trustedSchemes & trustedHosts see in Reportlab's documentation Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

MGASA-2020-0059 Updated python-reportlab packages fix security vulnerability

A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution CVE-2019-17626...