Vulnerabilites related to reportlab - reportlab
CVE-2023-33733 (GCVE-0-2023-33733)
Vulnerability from cvelistv5
Published
2023-06-05 00:00
Modified
2025-01-08 18:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-13T18:03:05.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/c53elyas/CVE-2023-33733"
},
{
"name": "FEDORA-2023-553fe307dc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ALE727IRACYBTTOFIFG57RS4OA2SHIJ/"
},
{
"name": "FEDORA-2023-3b82f4aa86",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36WOY22ECJCPOXHVTNCHEWOQLL7JSWP4/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00008.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-33733",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T18:40:25.585913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T18:40:31.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-05T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/c53elyas/CVE-2023-33733"
},
{
"name": "FEDORA-2023-553fe307dc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ALE727IRACYBTTOFIFG57RS4OA2SHIJ/"
},
{
"name": "FEDORA-2023-3b82f4aa86",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36WOY22ECJCPOXHVTNCHEWOQLL7JSWP4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33733",
"datePublished": "2023-06-05T00:00:00",
"dateReserved": "2023-05-22T00:00:00",
"dateUpdated": "2025-01-08T18:40:31.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17626 (GCVE-0-2019-17626)
Vulnerability from cvelistv5
Published
2019-10-16 11:29
Modified
2024-08-05 01:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:reportlab:reportlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "reportlab",
"vendor": "reportlab",
"versions": [
{
"lessThanOrEqual": "3.5.26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-17626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T16:35:28.197886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T20:10:56.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md"
},
{
"name": "RHSA-2020:0197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0197"
},
{
"name": "RHSA-2020:0195",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0195"
},
{
"name": "FEDORA-2020-d2fb999600",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/"
},
{
"name": "RHSA-2020:0230",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0230"
},
{
"name": "RHSA-2020:0201",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0201"
},
{
"name": "FEDORA-2020-f3e0ba2f79",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/"
},
{
"name": "openSUSE-SU-2020:0160",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html"
},
{
"name": "USN-4273-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4273-1/"
},
{
"name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2112-1] python-reportlab security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html"
},
{
"name": "DSA-4663",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4663"
},
{
"name": "GLSA-202007-35",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-35"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240719-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with \u0027\u003cspan color=\"\u0027 followed by arbitrary Python code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:06:21.050582",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code"
},
{
"url": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md"
},
{
"name": "RHSA-2020:0197",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0197"
},
{
"name": "RHSA-2020:0195",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0195"
},
{
"name": "FEDORA-2020-d2fb999600",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/"
},
{
"name": "RHSA-2020:0230",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0230"
},
{
"name": "RHSA-2020:0201",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0201"
},
{
"name": "FEDORA-2020-f3e0ba2f79",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/"
},
{
"name": "openSUSE-SU-2020:0160",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html"
},
{
"name": "USN-4273-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4273-1/"
},
{
"name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2112-1] python-reportlab security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html"
},
{
"name": "DSA-4663",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4663"
},
{
"name": "GLSA-202007-35",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202007-35"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240719-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17626",
"datePublished": "2019-10-16T11:29:38",
"dateReserved": "2019-10-16T00:00:00",
"dateUpdated": "2024-08-05T01:47:13.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28463 (GCVE-0-2020-28463)
Vulnerability from cvelistv5
Published
2021-02-18 16:00
Modified
2024-09-17 01:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Server-side Request Forgery (SSRF)
Summary
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.reportlab.com/docs/reportlab-userguide.pdf"
},
{
"name": "FEDORA-2021-13cdc0ab0e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/"
},
{
"name": "FEDORA-2021-04bfae8300",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/"
},
{
"name": "[debian-lts-announce] 20230929 [SECURITY] [DLA 3590-1] python-reportlab security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "reportlab",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Karan Bamal"
}
],
"datePublic": "2021-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes \u0026 trustedHosts (see in Reportlab\u0027s documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -\u003e odyssey -\u003e dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject \u003cimg src=\"http://127.0.0.1:5000\" valign=\"top\"/\u003e 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 6.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-29T21:06:26.944415",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"
},
{
"url": "https://www.reportlab.com/docs/reportlab-userguide.pdf"
},
{
"name": "FEDORA-2021-13cdc0ab0e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/"
},
{
"name": "FEDORA-2021-04bfae8300",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/"
},
{
"name": "[debian-lts-announce] 20230929 [SECURITY] [DLA 3590-1] python-reportlab security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"
}
],
"title": "Server-side Request Forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28463",
"datePublished": "2021-02-18T16:00:21.220773Z",
"dateReserved": "2020-11-12T00:00:00",
"dateUpdated": "2024-09-17T01:27:03.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19450 (GCVE-0-2019-19450)
Vulnerability from cvelistv5
Published
2023-09-20 00:00
Modified
2024-08-05 02:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/5MicRrr4"
},
{
"name": "[debian-lts-announce] 20230929 [SECURITY] [DLA 3590-1] python-reportlab security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"
},
{
"name": "FEDORA-2024-dc844d0669",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/"
},
{
"name": "FEDORA-2024-6ec4e78241",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with \u0027\u003cunichar code=\"\u0027 followed by arbitrary Python code, a similar issue to CVE-2019-17626."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T04:06:15.437021",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md"
},
{
"url": "https://pastebin.com/5MicRrr4"
},
{
"name": "[debian-lts-announce] 20230929 [SECURITY] [DLA 3590-1] python-reportlab security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"
},
{
"name": "FEDORA-2024-dc844d0669",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/"
},
{
"name": "FEDORA-2024-6ec4e78241",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19450",
"datePublished": "2023-09-20T00:00:00",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-09-20 14:15
Modified
2024-11-21 04:34
Severity ?
Summary
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md | Release Notes | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/ | ||
| cve@mitre.org | https://pastebin.com/5MicRrr4 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://pastebin.com/5MicRrr4 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| reportlab | reportlab | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:reportlab:reportlab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75D6540D-C28F-433B-8166-9FEDFD74E7E2",
"versionEndExcluding": "3.5.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with \u0027\u003cunichar code=\"\u0027 followed by arbitrary Python code, a similar issue to CVE-2019-17626."
},
{
"lang": "es",
"value": "paraparser en ReportLab anterior a 3.5.31 permite la ejecuci\u00f3n remota de c\u00f3digo porque start_unichar en paraparser.py eval\u00faa la entrada de un usuario que no es de confianza en un elemento unichar en un documento XML manipulado con \u0027"
}
],
"id": "CVE-2019-19450",
"lastModified": "2024-11-21T04:34:45.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-20T14:15:12.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/5MicRrr4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/5MicRrr4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-91"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-05 16:15
Modified
2025-01-08 19:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/c53elyas/CVE-2023-33733 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36WOY22ECJCPOXHVTNCHEWOQLL7JSWP4/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ALE727IRACYBTTOFIFG57RS4OA2SHIJ/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/c53elyas/CVE-2023-33733 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/10/msg00008.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36WOY22ECJCPOXHVTNCHEWOQLL7JSWP4/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ALE727IRACYBTTOFIFG57RS4OA2SHIJ/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:reportlab:reportlab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC629FD3-C403-47AA-A6CA-B8B3AFD018F4",
"versionEndIncluding": "3.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file."
}
],
"id": "CVE-2023-33733",
"lastModified": "2025-01-08T19:15:30.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-06-05T16:15:09.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/c53elyas/CVE-2023-33733"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36WOY22ECJCPOXHVTNCHEWOQLL7JSWP4/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ALE727IRACYBTTOFIFG57RS4OA2SHIJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/c53elyas/CVE-2023-33733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36WOY22ECJCPOXHVTNCHEWOQLL7JSWP4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ALE727IRACYBTTOFIFG57RS4OA2SHIJ/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-18 16:15
Modified
2024-11-21 05:22
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF
References
| ▶ | URL | Tags | |
|---|---|---|---|
| report@snyk.io | https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html | ||
| report@snyk.io | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/ | ||
| report@snyk.io | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/ | ||
| report@snyk.io | https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145 | Exploit, Release Notes, Third Party Advisory | |
| report@snyk.io | https://www.reportlab.com/docs/reportlab-userguide.pdf | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145 | Exploit, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.reportlab.com/docs/reportlab-userguide.pdf | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| reportlab | reportlab | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:reportlab:reportlab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96329C58-2A30-4D2E-A421-B7FF3BC6CF55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes \u0026 trustedHosts (see in Reportlab\u0027s documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -\u003e odyssey -\u003e dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject \u003cimg src=\"http://127.0.0.1:5000\" valign=\"top\"/\u003e 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF"
},
{
"lang": "es",
"value": "Todas las versiones del paquete reportlab son vulnerables a un ataque de tipo Server-side Request Forgery (SSRF) por medio de etiquetas img.\u0026#xa0;Para reducir el riesgo, utilice TrustSchemes y TrustHosts (consulte la documentaci\u00f3n de Reportlab). Pasos para reproducir por Karan Bamal: 1. Descargue e instale el \u00faltimo paquete de reportlab 2. Vaya a demos -) odyssey -) dodyssey 3. En el archivo de texto odyssey.txt que necesita ser convertido a pdf inyecte (img src=\"http://127.0.0.1:5000\" valign= top\" /) 4. Cree un oyente nc nc -lp 5000 5. Ejecute python3 dodyssey.py 6. Recibir\u00e1 un resultado en su nc que muestra que hemos procedido con \u00e9xito a enviar una petici\u00f3n del lado del servidor 7. dodyssey.py mostrar\u00e1 un error ya que no contiene un archivo img en la URL, pero somos capaces de hacer un ataque de tipo SSRF"
}
],
"id": "CVE-2020-28463",
"lastModified": "2024-11-21T05:22:51.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-18T16:15:12.707",
"references": [
{
"source": "report@snyk.io",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"
},
{
"source": "report@snyk.io",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/"
},
{
"source": "report@snyk.io",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Release Notes",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"
},
{
"source": "report@snyk.io",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.reportlab.com/docs/reportlab-userguide.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Release Notes",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.reportlab.com/docs/reportlab-userguide.pdf"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-16 12:15
Modified
2024-11-21 04:32
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0195 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0197 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0201 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2020:0230 | ||
| cve@mitre.org | https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/ | ||
| cve@mitre.org | https://security.gentoo.org/glsa/202007-35 | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20240719-0006/ | ||
| cve@mitre.org | https://usn.ubuntu.com/4273-1/ | ||
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4663 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0195 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0197 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0201 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2020:0230 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202007-35 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240719-0006/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4273-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4663 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:reportlab:reportlab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55A25088-FC46-426E-B3CF-E57459E5DE5F",
"versionEndIncluding": "3.5.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with \u0027\u003cspan color=\"\u0027 followed by arbitrary Python code."
},
{
"lang": "es",
"value": "ReportLab versiones hasta 3.5.26, permite la ejecuci\u00f3n de c\u00f3digo remota debido a la funci\u00f3n toColor(eval(arg)) en el archivo colors.py, como es demostrado por un documento XML dise\u00f1ado con \u0027(span color =\"\u0027 seguido de un c\u00f3digo arbitrario de Python."
}
],
"id": "CVE-2019-17626",
"lastModified": "2024-11-21T04:32:39.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-10-16T12:15:12.010",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0195"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0197"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0201"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2020:0230"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202007-35"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20240719-0006/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4273-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2020:0230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202007-35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240719-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4273-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4663"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-91"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-91"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}