Skip to main content

Reportlab

2 CVEs product

Monthly

CVE-2023-33733 PyPI HIGH POC PATCH This Week

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Reportlab
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-17626 PyPI CRITICAL POC PATCH THREAT Act Now

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Reportlab
NVD
CVSS 3.1
9.8
EPSS
10.2%
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Reportlab
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Reportlab
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy