Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reportlab reportlab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2019-19450
paraparser in ReportLab prior to 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to...
Reportlab Reportlab
Debian Debian Linux 10.0
NA
CVE-2023-33733
Reportlab up to v3.6.12 allows malicious users to execute arbitrary code via supplying a crafted PDF file.
Reportlab Reportlab
3 Github repositories
6.5
CVSSv2
CVE-2021-36359
OrbiTeam BSCW Classic prior to 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5....
Bscw Bscw Classic
4
CVSSv2
CVE-2020-28463
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest packag...
Reportlab Reportlab
Fedoraproject Fedora 34
Fedoraproject Fedora 35
4 Github repositories
7.5
CVSSv2
CVE-2019-17626
ReportLab up to and including 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
Reportlab Reportlab
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started