Vulnerabilities > Reportlab

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-20	CVE-2019-19450	XML Injection (aka Blind XPath Injection) vulnerability in multiple products paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. network low complexity reportlab debian CWE-91 critical	9.8
2023-06-05	CVE-2023-33733	Unspecified vulnerability in Reportlab Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. local low complexity reportlab	7.8
2021-02-18	CVE-2020-28463	Server-Side Request Forgery (SSRF) vulnerability in multiple products All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. network low complexity reportlab fedoraproject CWE-918	6.5
2019-10-16	CVE-2019-17626	XML Injection (aka Blind XPath Injection) vulnerability in Reportlab ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. network low complexity reportlab CWE-91 critical	9.8

Vulnerabilities > Reportlab {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Reportlab"}]}