GHSA-mpvw-25mg-59vx

Source
https://github.com/advisories/GHSA-mpvw-25mg-59vx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-mpvw-25mg-59vx/GHSA-mpvw-25mg-59vx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mpvw-25mg-59vx
Aliases
Published
2021-03-29T16:32:27Z
Modified
2024-10-26T19:20:54.520333Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Server-side Request Forgery (SSRF) via img tags in reportlab
Details

All versions of package reportlab at time of writing are vulnerable to Server-side Request Forgery (SSRF) via img tags: a URL placed in the src attribute of an img tag is fetched by the rendering host. To reduce risk, restrict the schemes and hosts that may be fetched using the trustedSchemes and trustedHosts settings (see Reportlab's documentation).

Steps to reproduce by Karan Bamal:
1. Download and install the latest package of reportlab
2. Go to demos -> odyssey -> dodyssey
3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/>
4. Create a nc listener: nc -lp 5000
5. Run python3 dodyssey.py
6. You will get a hit on your nc showing we have successfully proceeded to send a server side request
7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF
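
The mitigation the advisory points to is an allow-list: only URLs whose scheme and host are explicitly trusted may be fetched. The following is an added example, written for this page and not reportlab's own code, that models such a check with the Python standard library so it can be run on its own: it extracts img src values from a fragment of markup and sorts them into allowed and blocked sets. The function names, the glob-style host patterns and the sample policy are assumptions; the reject-by-default handling of literal IP addresses and userinfo-bearing URLs is the part a practitioner most often gets wrong.

```python
"""Allow-list check for image URLs before they are fetched.

Added example, not reportlab's code. It models the kind of scheme/host
allow-list that the advisory's mitigation (reportlab's trustedSchemes
and trustedHosts settings) performs. Names and policy are assumptions.
"""
import fnmatch
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed policy (assumption): only https, and only these host globs.
TRUSTED_SCHEMES = ["https"]
TRUSTED_HOSTS = ["cdn.example.com", "*.static.example.net"]

# Minimal extractor for src="..." on img tags in the markup being rendered.
_IMG_SRC_RE = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.I)


def is_trusted_url(url, trusted_schemes=TRUSTED_SCHEMES, trusted_hosts=TRUSTED_HOSTS):
    """Return True only if both scheme and host are on the allow-list.

    Everything not clearly allowed is rejected: unparseable URLs, URLs with
    no host, literal IP addresses (a host glob such as '*.example.net' must
    never be satisfied by 127.0.0.1 or ::1), and URLs carrying userinfo,
    e.g. 'https://cdn.example.com@evil.test/', whose real host is evil.test.
    """
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme.lower() not in trusted_schemes:
        return False
    host = parts.hostname  # lowercased; userinfo and port already stripped
    if not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # literal IPv4/IPv6 addresses are never trusted
    except ValueError:
        pass
    return any(fnmatch.fnmatchcase(host, pat.lower()) for pat in trusted_hosts)


def check_img_sources(markup):
    """Split the img src values found in markup into (allowed, blocked)."""
    allowed, blocked = [], []
    for src in _IMG_SRC_RE.findall(markup):
        (allowed if is_trusted_url(src) else blocked).append(src)
    return allowed, blocked


if __name__ == "__main__":
    # Constructed sample input: one legitimate image plus a loopback probe
    # of the kind the advisory's reproduction steps describe.
    sample = (
        '<para>Chapter 1 <img src="https://cdn.example.com/logo.png"/></para>'
        '<img src="http://127.0.0.1:5000" valign="top"/>'
    )
    ok, bad = check_img_sources(sample)
    print("allowed:", ok)
    print("blocked:", bad)
```

Run the check before the markup reaches the renderer, or wire the same policy into the renderer's own settings; in reportlab 3.5.55 and later the corresponding knobs are `reportlab.rl_config.trustedSchemes` and `reportlab.rl_config.trustedHosts`, and leaving trustedHosts unset means no host restriction is applied.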

Database specific
{
    "nvd_published_at": "2021-02-18T16:15:00Z",
    "cwe_ids": [
        "CWE-918"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-19T22:04:29Z"
}
References

Affected packages

PyPI / reportlab

Affected ranges
Type: ECOSYSTEM
Events
Introduced: 0 (unknown introduced version; all previous versions are affected)
Fixed: 3.5.55

Affected versions

2.*

2.0
2.3
2.4
2.5
2.6
2.7

3.*

3.0
3.1.8
3.1.44
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1
3.5.2
3.5.4
3.5.5
3.5.6
3.5.8
3.5.9
3.5.10
3.5.11
3.5.12
3.5.13
3.5.16
3.5.17
3.5.18
3.5.19
3.5.20
3.5.21
3.5.23
3.5.26
3.5.28
3.5.31
3.5.32
3.5.34
3.5.42
3.5.44
3.5.45
3.5.46
3.5.47
3.5.48
3.5.49
3.5.50
3.5.51
3.5.52
3.5.53
3.5.54