PYSEC-2021-146
Vulnerability from pysec - Published: 2021-02-18 16:15 - Updated: 2021-08-27 03:22
Details
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation).

Steps to reproduce by Karan Bamal:

1. Download and install the latest package of reportlab.
2. Go to demos -> odyssey -> dodyssey.
3. In the text file odyssey.txt that needs to be converted to pdf, inject `<img src="http://127.0.0.1:5000" valign="top"/>`.
4. Create a nc listener: `nc -lp 5000`.
5. Run `python3 dodyssey.py`.
6. You will get a hit on your nc, showing we have successfully proceeded to send a server-side request.
7. dodyssey.py will show an error since there is no img file at the URL, but we are able to do SSRF.
Impacted products
| Name | purl |
|---|---|
| reportlab | pkg:pypi/reportlab |
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "reportlab",
"purl": "pkg:pypi/reportlab"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.55"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0",
"2.3",
"2.4",
"2.5",
"2.6",
"2.7",
"3.0",
"3.1.44",
"3.1.8",
"3.2.0",
"3.3.0",
"3.4.0",
"3.5.0",
"3.5.1",
"3.5.10",
"3.5.11",
"3.5.12",
"3.5.13",
"3.5.16",
"3.5.17",
"3.5.18",
"3.5.19",
"3.5.2",
"3.5.20",
"3.5.21",
"3.5.23",
"3.5.26",
"3.5.28",
"3.5.31",
"3.5.32",
"3.5.34",
"3.5.4",
"3.5.42",
"3.5.44",
"3.5.45",
"3.5.46",
"3.5.47",
"3.5.48",
"3.5.49",
"3.5.5",
"3.5.50",
"3.5.51",
"3.5.52",
"3.5.53",
"3.5.54",
"3.5.6",
"3.5.8",
"3.5.9"
]
}
],
"aliases": [
"CVE-2020-28463",
"SNYK-PYTHON-REPORTLAB-1022145",
"GHSA-mpvw-25mg-59vx"
],
"details": "All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes \u0026 trustedHosts (see in Reportlab\u0027s documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -\u003e odyssey -\u003e dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject \u003cimg src=\"http://127.0.0.1:5000\" valign=\"top\"/\u003e 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF",
"id": "PYSEC-2021-146",
"modified": "2021-08-27T03:22:19.297131Z",
"published": "2021-02-18T16:15:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"
},
{
"type": "WEB",
"url": "https://www.reportlab.com/docs/reportlab-userguide.pdf"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mpvw-25mg-59vx"
}
]
}