Security News > 2023 > May > Exploit released for RCE flaw in popular ReportLab PDF library
A researcher has published a working exploit for a remote code execution flaw impacting ReportLab Toolkit, a popular Python library used by numerous projects to generate PDF files from HTML input.
ReportLab Toolkit is used by multiple projects as a PDF library and has approximately 3.5 million monthly downloads on PyPI. The problem stems from the ability to bypass sandbox restrictions on 'rl safe eval,' whose role is to prevent malicious code execution, leading to the attacker accessing potentially dangerous Python built-in functions.
The researcher notes that the entire exploit code must be run with eval in a single expression, so it uses the 'list comprehension' trick to structure it as such.
The Cure53 researcher, Elyas Damej, warns in his write-up that the exploitation of CVE-2023-33733 is as simple as incorporating malicious code in an HTML file that will be converted to PDF on software that uses the ReportLab library.
The widespread use of the library and a public exploit puts many users at risk.
The researcher clarified that the vulnerability impacts all earlier versions of the library.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-05 | CVE-2023-33733 | Unspecified vulnerability in Reportlab Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. | 7.8 |