Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS05cTltLWM2NWMtMzdwcc4AAzoq

High EPSS: 0.27482% (0.96218 Percentile) EPSS:
Permalink JSON

Reportlab vulnerable to remote code execution

Affected Packages Affected Versions Fixed Versions
pypi:reportlab
PURL: pkg:pypi/reportlab
<= 3.6.12 3.6.13
332 Dependent packages
13,661 Dependent repositories
26,052,753 Downloads last month

Affected Version Ranges

All affected versions

3.1.8, 3.1.44, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.5.4, 3.5.5, 3.5.6, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.5.20, 3.5.21, 3.5.23, 3.5.26, 3.5.28, 3.5.31, 3.5.32, 3.5.34, 3.5.42, 3.5.44, 3.5.45, 3.5.46, 3.5.47, 3.5.48, 3.5.49, 3.5.50, 3.5.51, 3.5.52, 3.5.53, 3.5.54, 3.5.55, 3.5.56, 3.5.57, 3.5.58, 3.5.59, 3.5.62, 3.5.63, 3.5.64, 3.5.65, 3.5.66, 3.5.67, 3.5.68, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12

All unaffected versions

3.6.13, 4.0.0, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.2.0, 4.2.2, 4.2.4, 4.2.5, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5

Reportlab up to and including v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

References:

Identifiers

GHSA-9q9m-c65c-37pq

CVE-2023-33733

Risk

Severity

High

EPSS

EPSS Percentage: 0.27482

EPSS Percentile: 0.96218

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/c53elyas/CVE-2023-33733

Date and time

Published

over 2 years ago

Updated

16 days ago

API

JSON