GHSA-9q9m-c65c-37pq

Source

https://github.com/advisories/GHSA-9q9m-c65c-37pq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-9q9m-c65c-37pq/GHSA-9q9m-c65c-37pq.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-9q9m-c65c-37pq

Aliases

CVE-2023-33733

Published

2023-06-05T18:30:27Z

Modified

2025-01-08T22:11:41.572360Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Reportlab vulnerable to remote code execution

Details

Reportlab up to and including v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

Database specific

{
    "nvd_published_at": "2023-06-05T16:15:09Z",
    "github_reviewed_at": "2023-08-28T17:16:39Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "github_reviewed": true,
    "severity": "HIGH"
}

References

Affected packages

PyPI / reportlab

Package

Name: reportlab; View open source insights on deps.dev
Purl: pkg:pypi/reportlab

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.13

Affected versions

2.*

2.0

2.3

2.4

2.5

2.6

2.7

3.*

3.0

3.1.8

3.1.44

3.2.0

3.3.0

3.4.0

3.5.0

3.5.1

3.5.2

3.5.4

3.5.5

3.5.6

3.5.8

3.5.9

3.5.10

3.5.11

3.5.12

3.5.13

3.5.16

3.5.17

3.5.18

3.5.19

3.5.20

3.5.21

3.5.23

3.5.26

3.5.28

3.5.31

3.5.32

3.5.34

3.5.42

3.5.44

3.5.45

3.5.46

3.5.47

3.5.48

3.5.49

3.5.50

3.5.51

3.5.52

3.5.53

3.5.54

3.5.55

3.5.56

3.5.57

3.5.58

3.5.59

3.5.62

3.5.63

3.5.64

3.5.65

3.5.66

3.5.67

3.5.68

3.6.0

3.6.1

3.6.2

3.6.3

3.6.5

3.6.6

3.6.7

3.6.8

3.6.9

3.6.10

3.6.11

3.6.12

Database specific

last_known_affected_version_range

"<= 3.6.12"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-9q9m-c65c-37pq/GHSA-9q9m-c65c-37pq.json"