19 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in python-reportlab

All versions of the reportlab package are vulnerable to Server-side Request Forgery (SSRF) via img tags. To reduce this risk, use trustedSchemes and trustedHosts (see Reportlab’s documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest version of the reportlab package. 2...

CVSS 6.5, AI score 6.7, EPSS 0.0116
Exploits 1, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux - vulnerability in python-reportlab

The paraparser module in ReportLab before version 3.5.31 allows for remote code execution. This occurs because the startunichar function in paraparser.py evaluates untrusted user input as a Unicode character in a crafted XML document. The input includes the string “'code='” followed by arbitrary...

CVSS 9.8, AI score 7.7, EPSS 0.09484
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-0223

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.0116
Exploits 1, References 18
Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-33733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. CVE-2023-33733 Note that Nessus relies on the presence of t...

CVSS 7.8, AI score 7.2, EPSS 0.28648
Exploits 6, References 2
Tenable Nessus
added 2025/05/14 12:0 a.m., 5 views

Alibaba Cloud Linux 3 : 0130: python-reportlab (ALINUX3-SA-2023:0130)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0130 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-19450: paraparser in ReportLab before 3.5....

CVSS 9.8, AI score 9.1, EPSS 0.16839
Exploits 1, References 2
vulnersOsv
added 2023/09/20 3:30 p.m., 0 views

bookscrape (>=0.0.1.dev1 <=0.0.2b7), codeforlife-portal (>=1.1.1 <=2.28.1) +53 more potentially affected by CVE-2019-19450 via reportlab (>=3.1.44 <=3.5.26)

reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =2.7.0, =2.3.0.18073018, =2.3.0.18070609, =2.3.0.18070422, =0.1.0, =0.733.0, =0.736.0 and more Source cves: CVE-2019-19450 Source advisory: OSV:GHSA-PJ98-2XF6-CFF5...

CVSS 9.8, AI score 7.2, EPSS 0.09484
Exploits 0
OSV
added 2023/09/20 2:15 p.m., 2 views

CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

CVSS 9.8, AI score 9.7
Exploits 0, References 7
Tenable Nessus
added 2023/07/03 12:0 a.m., 21 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : ReportLab vulnerability (USN-6196-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6196-1 advisory. It was discovered that ReportLab incorrectly handled certain PDF files. An attacker could possibly use this issue to execute arbitrary code...

CVSS 7.8, AI score 7.3, EPSS 0.28648
Exploits 6, References 2
SUSE CVE
added 2023/06/07 2:23 a.m., 1 views

SUSE CVE-2023-33733

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file...

CVSS 9.8, AI score 7.8, EPSS 0.28648
Exploits 6, References 5
vulnersOsv
added 2023/06/05 6:30 p.m., 1 views

alphamap (>=0.0.7 <=0.1.10), angleview (=0.0.0.dev1) +94 more potentially affected by CVE-2023-33733 via reportlab (>=3.1.44 <=3.6.12)

reportlab PYPI version =3.1.44, =0.0.7, =0.0.1.dev1, =5.1.0, =1.1.1, =0.1.0, =0.0.0, =1.0.0, =2.0.1.16012810, =2.0.1.16012810, =2.0.1.16012810, =0.7.0, =0.5.0, =1.0.0 - domdiv =3.8.5 and more Source cves: CVE-2023-33733 Source advisory: OSV:GHSA-9Q9M-C65C-37PQ...

CVSS 7.8, AI score 6.8, EPSS 0.28648
Exploits 6
OSV
added 2023/06/05 4:15 p.m., 1 views

DEBIAN-CVE-2023-33733

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file...

CVSS 7.8, AI score 7.2, EPSS 0.28648
Exploits 6, References 1
OSV
added 2023/06/05 4:15 p.m., 3 views

CVE-2023-33733

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file...

CVSS 7.8, AI score 7.7, EPSS 0.28648
Exploits 6, References 4
CNNVD
added 2023/06/05 12:0 a.m., 3 views

Reportlab security vulnerability

ReportLab is an open source engine for creating data-driven PDF documents and custom vector graphics from ReportLab, Denmark. A security vulnerability exists in Reportlab v3.6.12 and earlier versions, which stems from a vulnerability that allows an attacker to execute arbitrary code by supplying ...

CVSS 7.8, AI score 7.2, EPSS 0.28648
Exploits 6, References 8
vulnersOsv
added 2021/03/29 4:32 p.m., 1 views

angleview (=0.0.0.dev1), bacant (=3.4.0) +61 more potentially affected by CVE-2020-28463 via reportlab (>=3.1.44 <=3.5.53)

reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =1.0.0, =2.0.1.16012810, =2.0.1.16012810, =2.0.1.16012810, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =1.3.0 - invenio-testing =0.1.1 and more Source cves: CVE-2020-28463 Source advisory: OSV:GHSA-MPVW-25MG-59VX...

CVSS 6.5, AI score 6.7, EPSS 0.0116
Exploits 1
OSV
added 2021/02/18 4:15 p.m., 0 views

DEBIAN-CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5, AI score 6.6, EPSS 0.0116
Exploits 1, References 1
vulnersOsv
added 2021/02/18 4:15 p.m., 1 views

angleview (=0.0.0.dev1), bacant (=3.4.0) +61 more potentially affected by CVE-2020-28463 via reportlab (>=3.1.44 <=3.5.53)

reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =1.0.0, =2.0.1.16012810, =2.0.1.16012810, =2.0.1.16012810, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =1.3.0 - invenio-testing =0.1.1 and more Source cves: CVE-2020-28463 Source advisory: OSV:PYSEC-2021-146...

CVSS 6.5, AI score 6.7, EPSS 0.0116
Exploits 1
OSV
added 2021/02/18 4:15 p.m., 0 views

UBUNTU-CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5, AI score 7.1, EPSS 0.0116
Exploits 1, References 3
OSV
added 2019/10/16 12:15 p.m., 3 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS 9.8, AI score 9.6
Exploits 0, References 14
OSV
added 2019/10/16 12:15 p.m., 0 views

UBUNTU-CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS 9.8, AI score 7.9, EPSS 0.16839
Exploits 1, References 4