PYSEC-2021-146
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/reportlab/PYSEC-2021-146.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2021-146
- Aliases
-
- CVE-2020-28463
- GHSA-mpvw-25mg-59vx
- SNYK-PYTHON-REPORTLAB-1022145
- Published
- 2021-02-18T16:15:00Z
- Modified
- 2023-11-08T04:03:27.381559Z
- Summary
- [none]
- Details
-
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF
- References
Affected packages
PyPI / reportlab
Package
- Name
- reportlab
- View open source insights on deps.dev
- Purl
- pkg:pypi/reportlab
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.55
Affected versions
2.*
2.0
2.3
2.4
2.5
2.6
2.7
3.*
3.0
3.1.8
3.1.44
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1
3.5.2
3.5.4
3.5.5
3.5.6
3.5.8
3.5.9
3.5.10
3.5.11
3.5.12
3.5.13
3.5.16
3.5.17
3.5.18
3.5.19
3.5.20
3.5.21
3.5.23
3.5.26
3.5.28
3.5.31
3.5.32
3.5.34
3.5.42
3.5.44
3.5.45
3.5.46
3.5.47
3.5.48
3.5.49
3.5.50
3.5.51
3.5.52
3.5.53
3.5.54