{"id":"PYSEC-2021-146","details":"All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -\u003e odyssey -\u003e dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject \u003cimg src=\"http://127.0.0.1:5000\" valign=\"top\"/\u003e 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF","aliases":["CVE-2020-28463","GHSA-mpvw-25mg-59vx","SNYK-PYTHON-REPORTLAB-1022145"],"modified":"2023-11-08T04:03:27.381559Z","published":"2021-02-18T16:15:00Z","references":[{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"},{"type":"WEB","url":"https://www.reportlab.com/docs/reportlab-userguide.pdf"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-mpvw-25mg-59vx"}],"affected":[{"package":{"name":"reportlab","ecosystem":"PyPI","purl":"pkg:pypi/reportlab"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.55"}]}],"versions":["2.0","2.3","2.4","2.5","2.6","2.7","3.0","3.1.44","3.1.8","3.2.0","3.3.0","3.4.0","3.5.0","3.5.1","3.5.10","3.5.11","3.5.12","3.5.13","3.5.16","3.5.17","3.5.18","3.5.19","3.5.2","3.5.20","3.5.21","3.5.23","3.5.26","3.5.28","3.5.31","3.5.32","3.5.34","3.5.4","3.5.42","3.5.44","3.5.45","3.5.46","3.5.47","3.5.48","3.5.49","3.5.5","3.5.50","3.5.51","3.5.52","3.5.53","3.5.54","3.5.6","3.5.8","3.5.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/reportlab/PYSEC-2021-146.yaml"}}],"schema_version":"1.7.3"}