Описание
ELSA-2023-5790: python-reportlab security update (IMPORTANT)
[3.4.0-8.1]
- python-reportlab: code injection in paraparser.py allows code execution (CVE-2019-19450)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
python3-reportlab
3.4.0-8.el8_8.1
Oracle Linux x86_64
python3-reportlab
3.4.0-8.el8_8.1
Связанные CVE
Связанные уязвимости
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
paraparser in ReportLab before 3.5.31 allows remote code execution bec ...
