
CVE-2019-19450 – python-reportlab: code injection in paraparser.py allows code execution
https://notcve.org/view.php?id=CVE-2019-19450
20 Sep 2023 — paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '

CVE-2023-33733 – Ubuntu Security Notice USN-6196-1
https://notcve.org/view.php?id=CVE-2023-33733
05 Jun 2023 — Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python library to create PDF documents, could be bypassed which may result in the execution of arbitrary code when converting malformed HTML to a PDF document.
• https://github.com/L41KAA/CVE-2023-33733-Exploit-PoC
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CVSS: 7.8 | EPSS: 19% | CPEs: 1 | EXPL: 5

CVE-2019-17626 – python-reportlab: code injection in colors.py allows attacker to execute code
https://notcve.org/view.php?id=CVE-2019-17626
16 Oct 2019 — ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '