Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ReportLab 安全漏洞
Vulnerability Description
ReportLab是丹麦ReportLab公司的一款用于创建数据驱动的PDF文档和自定义矢量图形的开源引擎。 ReportLab 3.5.31 之前版本存在安全漏洞,该漏洞源于paraparser 允许远程执行代码, paraparser.py 中的 start_unichar 会评估 XML 文档中 unichar 元素中不受信任的用户输入,<unichar code=后可以跟任意 Python 代码。
CVSS Information
N/A
Vulnerability Type
N/A