{"id":"PYSEC-2019-47","details":"ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '\u003cspan color=\"' followed by arbitrary Python code.","modified":"2023-03-14T07:01:09.351902Z","published":"2019-10-16T12:15:00Z","withdrawn":"2023-03-14T07:01:09.351902Z","references":[{"type":"WEB","url":"https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code"},{"type":"WEB","url":"https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2020:0197"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2020:0195"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2020:0201"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2020:0230"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html"},{"type":"WEB","url":"https://usn.ubuntu.com/4273-1/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html"},{"type":"WEB","url":"https://www.debian.org/security/2020/dsa-4663"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202007-35"}],"affected":[{"package":{"name":"reportlab","ecosystem":"PyPI","purl":"pkg:pypi/reportlab"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.28"}]}],"versions":["2.0","2.3","2.4","2.5","2.6","2.7","3.0","3.1.8","3.1.44","3.2.0","3.3.0","3.4.0","3.5.0","3.5.1","3.5.2","3.5.4","3.5.5","3.5.6","3.5.8","3.5.9","3.5.10","3.5.11","3.5.12","3.5.13","3.5.16","3.5.17","3.5.18","3.5.19","3.5.20","3.5.21","3.5.23","3.5.26"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/reportlab/PYSEC-2019-47.yaml"}}],"schema_version":"1.7.3"}