GHSA-9q9m-c65c-37pq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9q9m-c65c-37pq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-9q9m-c65c-37pq/GHSA-9q9m-c65c-37pq.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-9q9m-c65c-37pq
- Aliases
- Published
- 2023-06-05T18:30:27Z
- Modified
- 2024-02-19T05:30:02.187899Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Reportlab vulnerable to remote code execution
- Details
-
Reportlab up to and including v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
- Database specific
{ "nvd_published_at": "2023-06-05T16:15:09Z", "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-08-28T17:16:39Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-33733
- https://github.com/c53elyas/CVE-2023-33733
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36WOY22ECJCPOXHVTNCHEWOQLL7JSWP4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ALE727IRACYBTTOFIFG57RS4OA2SHIJ
Affected packages
PyPI / reportlab
Package
- Name
- reportlab
- View open source insights on deps.dev
- Purl
- pkg:pypi/reportlab
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.13
Affected versions
2.*
2.0
2.3
2.4
2.5
2.6
2.7
3.*
3.0
3.1.8
3.1.44
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1
3.5.2
3.5.4
3.5.5
3.5.6
3.5.8
3.5.9
3.5.10
3.5.11
3.5.12
3.5.13
3.5.16
3.5.17
3.5.18
3.5.19
3.5.20
3.5.21
3.5.23
3.5.26
3.5.28
3.5.31
3.5.32
3.5.34
3.5.42
3.5.44
3.5.45
3.5.46
3.5.47
3.5.48
3.5.49
3.5.50
3.5.51
3.5.52
3.5.53
3.5.54
3.5.55
3.5.56
3.5.57
3.5.58
3.5.59
3.5.62
3.5.63
3.5.64
3.5.65
3.5.66
3.5.67
3.5.68
3.6.0
3.6.1
3.6.2
3.6.3
3.6.5
3.6.6
3.6.7
3.6.8
3.6.9
3.6.10
3.6.11
3.6.12