Reportlab Security Vulnerabilities and Issues — Reportlab CVE List

Lucene search

ReportlabReportlab

4 matches found

CVE•added 2019/10/16 12:15 p.m.•280 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

9.8CVSS9.6AI score0.27507EPSS

CVE•added 2021/02/18 4:15 p.m.•169 views

CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demo...

6.5CVSS6.6AI score0.00671EPSS

CVE•added 2023/06/05 4:15 p.m.•115 views

CVE-2023-33733

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

7.8CVSS7.6AI score0.27581EPSS

CVE•added 2023/09/20 2:15 p.m.•101 views

CVE-2019-19450

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.

9.8CVSS9.7AI score0.27507EPSS