Ecosyste.ms: Advisories
Security Advisories: GSA_kwCzR0hTQS1xcGcyLXZ4N2otMzg2Oc4AAq9o
XML Injection in ReportLab
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
Permalink: https://github.com/advisories/GHSA-qpg2-vx7j-3869
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcGcyLXZ4N2otMzg2Oc4AAq9o
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-qpg2-vx7j-3869, CVE-2019-17626
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-17626
- https://access.redhat.com/errata/RHSA-2020:0195
- https://access.redhat.com/errata/RHSA-2020:0197
- https://access.redhat.com/errata/RHSA-2020:0201
- https://access.redhat.com/errata/RHSA-2020:0230
- https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
- https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md
- https://hg.reportlab.com/hg-public/reportlab/rev/51a521ad7dd3
- https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/
- https://security.gentoo.org/glsa/202007-35
- https://usn.ubuntu.com/4273-1/
- https://www.debian.org/security/2020/dsa-4663
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html
- https://access.redhat.com/security/cve/cve-2019-17626
- https://web.archive.org/web/20191016111823/https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
- https://github.com/advisories/GHSA-qpg2-vx7j-3869
- https://github.com/pypa/advisory-database/tree/main/vulns/reportlab/PYSEC-2019-117.yaml
Blast Radius: 40.5
Affected Packages
pypi:reportlab
Dependent packages: 204
Dependent repositories: 13,661
Downloads: 4,748,060 last month
Affected Version Ranges: < 3.5.28
Fixed in: 3.5.28
All affected versions: 3.1.8, 3.1.44, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.5.4, 3.5.5, 3.5.6, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.5.20, 3.5.21, 3.5.23, 3.5.26
All unaffected versions: 3.5.28, 3.5.31, 3.5.32, 3.5.34, 3.5.42, 3.5.44, 3.5.45, 3.5.46, 3.5.47, 3.5.48, 3.5.49, 3.5.50, 3.5.51, 3.5.52, 3.5.53, 3.5.54, 3.5.55, 3.5.56, 3.5.57, 3.5.58, 3.5.59, 3.5.62, 3.5.63, 3.5.64, 3.5.65, 3.5.66, 3.5.67, 3.5.68, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 4.0.0, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.2.0