ELSA-2020-0197

Published: 21 Jan 2020
Source: oracle-oval
Platform: Oracle Linux 6

Description

ELSA-2020-0197: python-reportlab security update (IMPORTANT)

[2.3-3.el6_10.1]

  • Do not eval strings passed to toColor
  • Resolves: #1788551

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • python-reportlab: 2.3-3.el6_10.1
  • python-reportlab-docs: 2.3-3.el6_10.1

Oracle Linux i686

  • python-reportlab: 2.3-3.el6_10.1
  • python-reportlab-docs: 2.3-3.el6_10.1

Related CVEs

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 6 years ago

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVSS3: 9.8
redhat
more than 6 years ago

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVSS3: 9.8
nvd
more than 6 years ago

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVSS3: 9.8
debian
more than 6 years ago

ReportLab through 3.5.26 allows remote code execution because of toCol ...

suse-cvrf
about 6 years ago

Security update for python-reportlab