reportlab is vulnerable to Arbitrary Code Execution. An attacker can inject and execute malicious code when transforming HTML to pdf through a maliciously crafted pdf.
github.com/advisories/GHSA-9q9m-c65c-37pq
github.com/c53elyas/CVE-2023-33733
hg.reportlab.com/hg-public/reportlab/rev/1c39d2db15bb
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36WOY22ECJCPOXHVTNCHEWOQLL7JSWP4/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ALE727IRACYBTTOFIFG57RS4OA2SHIJ/
lists.fedoraproject.org/archives/list/[email protected]/message/36WOY22ECJCPOXHVTNCHEWOQLL7JSWP4/
lists.fedoraproject.org/archives/list/[email protected]/message/6ALE727IRACYBTTOFIFG57RS4OA2SHIJ/