{"id":"CVE-2020-27998","details":"An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.","aliases":["GHSA-v726-3vg9-cp34"],"modified":"2026-04-02T05:10:32.696221Z","published":"2020-10-29T18:15:12.787Z","references":[{"type":"ADVISORY","url":"https://github.com/FastReports/FastReport/pull/206"},{"type":"ADVISORY","url":"https://opensource.fast-report.com/2020/09/report-script-security.html"},{"type":"ADVISORY","url":"https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0"},{"type":"EVIDENCE","url":"https://securitylab.github.com/advisories/GHSL-2020-143-FastReportsInc-FastReports"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fastreports/fastreport","events":[{"introduced":"0"},{"fixed":"7321560e477c908e44daef65bb43755d53f3f7f8"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2020.4.0"}]}}],"versions":["v2018.4.14","v2018.4.15","v2018.4.16","v2018.4.7","v2018.4.9","v2019.1.0","v2019.2.0","v2019.2.7","v2019.3.0","v2019.4.0","v2020.1.0","v2020.3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27998.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}