openSUSE-SU-2021:2641-1

Опубликовано: 09 авг. 2021

Источник: suse-cvrf

Описание

Security update for python-reportlab

This update for python-reportlab fixes the following issues:

CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503).

Список пакетов

openSUSE Leap 15.3

python2-reportlab-3.4.0-3.6.1

python3-reportlab-3.4.0-3.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E52AKOBLZLRVRGNROGFREOUCWFZYLKPT/
E-Mail link for openSUSE-SU-2021:2641-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1182503
SUSE Bug 1182503
https://www.suse.com/security/cve/CVE-2020-28463/
SUSE CVE CVE-2020-28463 page

Описание

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF

Затронутые продукты

openSUSE Leap 15.3:python2-reportlab-3.4.0-3.6.1

openSUSE Leap 15.3:python3-reportlab-3.4.0-3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-28463.html
CVE-2020-28463
https://bugzilla.suse.com/1182503
SUSE Bug 1182503

openSUSE-SU-2021:2641-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2020-28463

Описание

Затронутые продукты

Ссылки