Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-28463

Опубликовано: 18 фев. 2021
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:reportlab:reportlab:*:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

EPSS

Процентиль: 72%
0.00729
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

ubuntu логотип

CVE-2020-28463

CVSS3: 6.5
ubuntu
почти 5 лет назад

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF

redhat логотип

CVE-2020-28463

CVSS3: 5.4
redhat
почти 5 лет назад

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF

debian логотип

CVE-2020-28463

CVSS3: 6.5
debian
почти 5 лет назад

All versions of package reportlab are vulnerable to Server-side Reques ...

suse-cvrf логотип

openSUSE-SU-2021:2641-1

suse-cvrf
больше 4 лет назад

Security update for python-reportlab

suse-cvrf логотип

openSUSE-SU-2021:1147-1

suse-cvrf
больше 4 лет назад

Security update for python-reportlab

EPSS

Процентиль: 72%
0.00729
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-918