Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05cTltLWM2NWMtMzdwcc4AAzoq

Reportlab vulnerable to remote code execution

Reportlab up to and including v3.6.12 allows attackers to execute arbitrary code by supplying a crafted PDF file.

Permalink: https://github.com/advisories/GHSA-9q9m-c65c-37pq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05cTltLWM2NWMtMzdwcc4AAzoq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Percentage: 0.0008
EPSS Percentile: 0.35675

Identifiers: GHSA-9q9m-c65c-37pq, CVE-2023-33733
References: Repository: https://github.com/c53elyas/CVE-2023-33733
Blast Radius: 32.3

Affected Packages

pypi:reportlab
Dependent packages: 332
Dependent repositories: 13,661
Downloads: 5,538,464 last month
Affected Version Ranges: <= 3.6.12
Fixed in: 3.6.13
All affected versions: 3.1.8, 3.1.44, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.5.4, 3.5.5, 3.5.6, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.5.20, 3.5.21, 3.5.23, 3.5.26, 3.5.28, 3.5.31, 3.5.32, 3.5.34, 3.5.42, 3.5.44, 3.5.45, 3.5.46, 3.5.47, 3.5.48, 3.5.49, 3.5.50, 3.5.51, 3.5.52, 3.5.53, 3.5.54, 3.5.55, 3.5.56, 3.5.57, 3.5.58, 3.5.59, 3.5.62, 3.5.63, 3.5.64, 3.5.65, 3.5.66, 3.5.67, 3.5.68, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12
All unaffected versions: 3.6.13, 4.0.0, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.2.0, 4.2.2, 4.2.4, 4.2.5