Lucene search
MitreCVELIST:CVE-2019-19450HistorySep 20, 2023 - 12:00 a.m.
CVE-2019-19450
2023-09-2000:00:00
mitre
www.cve.org
2
cve-2019-19450
reportlab
code execution
paraparser
xml document
python
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with ‘<unichar code="’ followed by arbitrary Python code, a similar issue to CVE-2019-17626.
References
github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md
lists.debian.org/debian-lts-announce/2023/09/msg00037.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHMCB2GJQKFMGVO5RWHN222NQL5XYPHZ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HADPTB3SBU7IVRMDK7OL6WSQRU5AFWDZ/
pastebin.com/5MicRrr4
Related
osv
osv
ReportLab vulnerable to remote code execution via paraparser
2023-09-20 15:30:51
Important: python-reportlab security update
2023-10-17 00:00:00
XML Injection in ReportLab
2022-05-24 22:00:57
nessus
nessus
Fedora 39 : python-reportlab (2024-6ec4e78241)
2024-04-28 00:00:00
openSUSE 15 Security Update : python-reportlab (SUSE-SU-2023:3972-1)
2023-10-05 00:00:00
Oracle Linux 7 : python-reportlab (ELSA-2023-5616)
2023-10-10 00:00:00
redhatcve
redhatcve
CVE-2019-19450
2023-09-22 04:54:14
CVE-2019-17626
2020-01-27 10:06:47
nvd
nvd
CVE-2019-19450
2023-09-20 14:15:12
CVE-2019-17626
2019-10-16 12:15:12
debiancve
debiancve
CVE-2019-19450
2023-09-20 14:15:12
CVE-2019-17626
2019-10-16 12:15:12
cve
cve
CVE-2019-19450
2023-09-20 14:15:12
CVE-2019-17626
2019-10-16 12:15:12
prion
prion
Remote code execution
2023-09-20 14:15:00
Remote code execution
2019-10-16 12:15:00
github
github
ReportLab vulnerable to remote code execution via paraparser
2023-09-20 15:30:51
XML Injection in ReportLab
2022-05-24 22:00:57
amazon
amazon
Important: python-reportlab
2023-09-27 22:49:00
Important: python-reportlab
2020-02-05 16:34:00
ubuntucve
ubuntucve
CVE-2019-19450
2023-09-20 00:00:00
CVE-2019-17626
2019-10-16 00:00:00
debian
debian
[SECURITY] [DLA 3590-1] python-reportlab security update
2023-09-29 19:57:32
[SECURITY] [DSA 4663-1] python-reportlab security update
2020-04-25 09:51:45
[SECURITY] [DSA 4663-1] python-reportlab security update
2020-04-25 09:51:45
openvas
openvas
Debian: Security Advisory (DLA-3590-1)
2023-10-02 00:00:00
Fedora: Security Advisory for python-reportlab (FEDORA-2024-6ec4e78241)
2024-05-27 00:00:00
CentOS: Security Advisory for python-reportlab (CESA-2023:5616)
2024-03-05 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: python-reportlab-4.2.0-1.fc39
2024-04-28 03:29:47
[SECURITY] Fedora 40 Update: python-reportlab-4.2.0-1.fc40
2024-04-28 03:18:20
[SECURITY] Fedora 30 Update: python-reportlab-3.5.34-2.fc30
2020-01-26 01:01:16
redhat
redhat
(RHSA-2023:5787) Important: python-reportlab security update
2023-10-17 13:33:05
(RHSA-2023:5616) Important: python-reportlab security update
2023-10-10 14:35:13
(RHSA-2023:5786) Important: python-reportlab security update
2023-10-17 13:32:35
almalinux
almalinux
Important: python-reportlab security update
2023-10-17 00:00:00
centos
centos
python security update
2024-02-20 14:49:49
python security update
2020-01-28 21:28:12
python security update
2020-01-28 21:23:46
oraclelinux
oraclelinux
python-reportlab security update
2023-10-19 00:00:00
python-reportlab security update
2020-01-21 00:00:00
python-reportlab security update
2023-10-11 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2023-10-08 05:35:22
Remote Code Execution
2019-10-17 03:15:30
suse
suse
Security update for python-reportlab (important)
2020-02-04 00:00:00
gentoo
gentoo
ReportLab: Arbitrary code execution
2020-07-27 00:00:00
ubuntu
ubuntu
ReportLab vulnerability
2020-02-06 00:00:00
cvelist
cvelist
CVE-2019-17626
2019-10-16 11:29:38
mageia
mageia
Updated python-reportlab packages fix security vulnerability
2020-01-28 10:52:40
redos
redos
ROS-20240524-02
2024-05-24 00:00:00