Download
| Alert*
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'DSA-4663 | ||||||||
| FEDORA-2020-d2fb999600 | ||||||||
| FEDORA-2020-f3e0ba2f79 | ||||||||
| GLSA-202007-35 | ||||||||
| RHSA-2020:0195 | ||||||||
| RHSA-2020:0197 | ||||||||
| RHSA-2020:0201 | ||||||||
| RHSA-2020:0230 | ||||||||
| USN-4273-1 | ||||||||
| https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html | ||||||||
| https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code | ||||||||
| https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md | ||||||||
| openSUSE-SU-2020:0160 | ||||||||
