Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qajVjLWhocmctdnY1aM4ABADv
xhtml2pdf Denial of Service via crafted string
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.
Permalink: https://github.com/advisories/GHSA-jj5c-hhrg-vv5hJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qajVjLWhocmctdnY1aM4ABADv
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 days ago
Updated: 6 days ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-jj5c-hhrg-vv5h, CVE-2024-25885
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-25885
- https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206
- https://github.com/advisories/GHSA-jj5c-hhrg-vv5h
Affected Packages
pypi:xhtml2pdf
Dependent packages: 40Dependent repositories: 2,256
Downloads: 943,756 last month
Affected Version Ranges: <= 0.2.16
No known fixed version
All affected versions: 0.0.0, 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12, 0.2.13, 0.2.14, 0.2.15, 0.2.16