Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Workstation Extension 12 SP5 package python-reportlab, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2019-17626 — CVSS 9.8 (critical): ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document…
CVE-2019-19450 — CVSS 9.8 (critical): paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in…
CVE-2023-33733 — CVSS 7.8 (high): Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
CVE-2020-28463 — CVSS 6.5 (medium): All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use…