Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Vulnerability Description
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
从非可信控制范围包含功能例程
Vulnerability Title
WeasyPrint 安全漏洞
Vulnerability Description
WeasyPrint是Kozea开源的一种智能解决方案。可帮助 Web 开发人员创建 PDF 文件。 WeasyPrint 61.0、61.1版本存在安全漏洞,该漏洞源于允许将任意文件和 URL 的内容附加到生成的 PDF 文档,即使 url_fetcher 配置为阻止访问文件和 URL。
CVSS Information
N/A
Vulnerability Type
N/A