CVE-2019-17626

Опубликовано: 16 окт. 2019

Источник: ubuntu

Приоритет: medium

EPSS Средний

CVSS2: 7.5

CVSS3: 9.8

Описание

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

Релиз	Статус	Примечание
bionic	released	3.4.0-3ubuntu0.1
devel	not-affected	3.5.34-1
disco	ignored	end of life
eoan	released	3.5.23-1ubuntu0.1
esm-infra-legacy/trusty	DNE
esm-infra/bionic	released	3.4.0-3ubuntu0.1
esm-infra/xenial	released	3.3.0-1ubuntu0.1
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 95%

0.16839

Средний

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2019-17626

CVSS3: 9.8

redhat

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVE-2019-17626

CVSS3: 9.8

nvd

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVE-2019-17626

CVSS3: 9.8

debian

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toCol ...

openSUSE-SU-2020:0160-1

suse-cvrf

около 6 лет назад

Security update for python-reportlab

SUSE-SU-2020:0324-1

suse-cvrf

около 6 лет назад

Security update for python-reportlab

EPSS

Процентиль: 95%

0.16839

Средний

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2019-17626

Описание

Пакет python-reportlab

Ссылки на источники

Связанные уязвимости