Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 4 of 4 results

CVE-2019-19450

Medium priority
Needs evaluation

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary...

1 affected packages

python-reportlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-reportlab Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2023-33733

High priority

Some fixes available 6 of 8

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

1 affected packages

python-reportlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-reportlab Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2020-28463

Low priority
Needs evaluation

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal:...

1 affected packages

python-reportlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-reportlab Not affected Not affected Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-17626

Medium priority

Some fixes available 3 of 4

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

1 affected packages

python-reportlab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-reportlab Fixed Fixed
Show less packages