Search
Find a vulnerability
Search criteria
4 vulnerabilities found for weasyprint by kozea
CVE-2025-68616 (GCVE-0-2025-68616)
Vulnerability from nvd – Published: 2026-01-19 15:20 – Updated: 2026-06-30 12:07
VLAI
EPSS
VEX
Title
WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect
Summary
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/Kozea/WeasyPrint/security/advi… | x_refsource_CONFIRM |
| https://github.com/Kozea/WeasyPrint/commit/b6a14f… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2025-68616 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2430858 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kozea | WeasyPrint |
Affected:
< 68.0
|
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68616",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:42:42.675622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:42:46.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-19T15:20:23.702Z",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) Protection Bypass exists in WeasyPrint\u0027s `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as localhost services or cloud metadata endpoints) even when a developer has implemented a custom url_fetcher to block such access. This occurs because the underlying urllib library follows HTTP redirects automatically without re-validating the new destination against the developer\u0027s security policy."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:15.244Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-68616"
},
{
"name": "RHBZ#2430858",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430858"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68616.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-19T16:00:58.220Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-19T15:20:23.702Z",
"value": "Made public."
}
],
"title": "WeasyPrint: WeasyPrint Server-Side Request Forgery (SSRF)",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "WeasyPrint",
"vendor": "Kozea",
"versions": [
{
"status": "affected",
"version": "\u003c 68.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint\u0027s `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer\u0027s security policy. Version 68.0 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-19T15:20:23.702Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv"
},
{
"name": "https://github.com/Kozea/WeasyPrint/commit/b6a14f0f3f4ce9c0c75c1a2d73cb1c5d43f0e565",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kozea/WeasyPrint/commit/b6a14f0f3f4ce9c0c75c1a2d73cb1c5d43f0e565"
}
],
"source": {
"advisory": "GHSA-983w-rhvv-gwmv",
"discovery": "UNKNOWN"
},
"title": "WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68616",
"datePublished": "2026-01-19T15:20:23.702Z",
"dateReserved": "2025-12-19T14:58:47.824Z",
"dateUpdated": "2026-06-30T12:07:15.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28184 (GCVE-0-2024-28184)
Vulnerability from nvd – Published: 2024-03-09 00:50 – Updated: 2025-02-13 17:47
VLAI
EPSS
VEX
Title
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Summary
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Kozea/WeasyPrint/security/advi… | x_refsource_CONFIRM |
| https://github.com/Kozea/WeasyPrint/commit/734ee8… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kozea | WeasyPrint |
Affected:
>= 61.0, <= 61.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T14:00:17.785523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:52:58.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r"
},
{
"name": "https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLQZMOEDY72TS43HDXOBVID2VYCTWIH6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WeasyPrint",
"vendor": "Kozea",
"versions": [
{
"status": "affected",
"version": "\u003e= 61.0, \u003c= 61.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeasyPrint helps web developers to create PDF documents. Since version 61.0, there\u0027s a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-23T02:06:56.004Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r"
},
{
"name": "https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLQZMOEDY72TS43HDXOBVID2VYCTWIH6/"
}
],
"source": {
"advisory": "GHSA-35jj-wx47-4w8r",
"discovery": "UNKNOWN"
},
"title": "WeasyPrint allows the attachment of arbitrary files and URLs to a PDF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28184",
"datePublished": "2024-03-09T00:50:32.115Z",
"dateReserved": "2024-03-06T17:35:00.857Z",
"dateUpdated": "2025-02-13T17:47:28.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-68616 (GCVE-0-2025-68616)
Vulnerability from cvelistv5 – Published: 2026-01-19 15:20 – Updated: 2026-06-30 12:07
VLAI
EPSS
VEX
Title
WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect
Summary
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/Kozea/WeasyPrint/security/advi… | x_refsource_CONFIRM |
| https://github.com/Kozea/WeasyPrint/commit/b6a14f… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2025-68616 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2430858 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Kozea | WeasyPrint |
Affected:
< 68.0
|
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68616",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T15:42:42.675622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T15:42:46.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-19T15:20:23.702Z",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) Protection Bypass exists in WeasyPrint\u0027s `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as localhost services or cloud metadata endpoints) even when a developer has implemented a custom url_fetcher to block such access. This occurs because the underlying urllib library follows HTTP redirects automatically without re-validating the new destination against the developer\u0027s security policy."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:15.244Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-68616"
},
{
"name": "RHBZ#2430858",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430858"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68616.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-19T16:00:58.220Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-19T15:20:23.702Z",
"value": "Made public."
}
],
"title": "WeasyPrint: WeasyPrint Server-Side Request Forgery (SSRF)",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "WeasyPrint",
"vendor": "Kozea",
"versions": [
{
"status": "affected",
"version": "\u003c 68.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint\u0027s `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer\u0027s security policy. Version 68.0 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-19T15:20:23.702Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv"
},
{
"name": "https://github.com/Kozea/WeasyPrint/commit/b6a14f0f3f4ce9c0c75c1a2d73cb1c5d43f0e565",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kozea/WeasyPrint/commit/b6a14f0f3f4ce9c0c75c1a2d73cb1c5d43f0e565"
}
],
"source": {
"advisory": "GHSA-983w-rhvv-gwmv",
"discovery": "UNKNOWN"
},
"title": "WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68616",
"datePublished": "2026-01-19T15:20:23.702Z",
"dateReserved": "2025-12-19T14:58:47.824Z",
"dateUpdated": "2026-06-30T12:07:15.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28184 (GCVE-0-2024-28184)
Vulnerability from cvelistv5 – Published: 2024-03-09 00:50 – Updated: 2025-02-13 17:47
VLAI
EPSS
VEX
Title
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Summary
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Kozea/WeasyPrint/security/advi… | x_refsource_CONFIRM |
| https://github.com/Kozea/WeasyPrint/commit/734ee8… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kozea | WeasyPrint |
Affected:
>= 61.0, <= 61.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T14:00:17.785523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:52:58.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r"
},
{
"name": "https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLQZMOEDY72TS43HDXOBVID2VYCTWIH6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WeasyPrint",
"vendor": "Kozea",
"versions": [
{
"status": "affected",
"version": "\u003e= 61.0, \u003c= 61.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WeasyPrint helps web developers to create PDF documents. Since version 61.0, there\u0027s a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-23T02:06:56.004Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r"
},
{
"name": "https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLQZMOEDY72TS43HDXOBVID2VYCTWIH6/"
}
],
"source": {
"advisory": "GHSA-35jj-wx47-4w8r",
"discovery": "UNKNOWN"
},
"title": "WeasyPrint allows the attachment of arbitrary files and URLs to a PDF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28184",
"datePublished": "2024-03-09T00:50:32.115Z",
"dateReserved": "2024-03-06T17:35:00.857Z",
"dateUpdated": "2025-02-13T17:47:28.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}