CVE-2019-19450
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
| Vendor | n/a |
| Product | n/a |
| Published | Sep 20, 2023 |
| Last Updated | Aug 5, 2024 |
Stay Ahead of the Next One
Get instant alerts for n/a n/a
Be the first to know when new unknown vulnerabilities affecting n/a n/a are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / n/a
n/a
References
github.com: https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md pastebin.com: https://pastebin.com/5MicRrr4 lists.debian.org: https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/