CVE-2019-17626

Опубликовано: 16 окт. 2019

Источник: debian

EPSS Низкий

Описание

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-reportlab	fixed	3.5.34-1		package

Примечания

https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
Minimal patch in https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code#comment-55887892
but upstream did make the bugreport private.

EPSS

Процентиль: 91%

0.06151

Низкий

Связанные уязвимости

CVE-2019-17626

CVSS3: 9.8

ubuntu

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVE-2019-17626

CVSS3: 9.8

redhat

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVE-2019-17626

CVSS3: 9.8

nvd

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

openSUSE-SU-2020:0160-1

suse-cvrf

около 6 лет назад

Security update for python-reportlab

SUSE-SU-2020:0324-1

suse-cvrf

около 6 лет назад

Security update for python-reportlab

EPSS

Процентиль: 91%

0.06151

Низкий