Security Advisory

CVE-2019-17626

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-10-16 11:29:38

Last updated 2024-08-05 01:47:13

Assigner mitre

State PUBLISHED

Description

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with <span color=" followed by arbitrary Python code.

← Browse all CVEs View on cve.org ↗