# Exploit Title: CVE-2019-19450: RCE in ReportLab through paraparser
# Reported to ReportLab: Nov 29, 2019
# Impacted Versions: v3.5.30 and before
# Description
ReportLab before 3.5.31 allows remote code execution because
start_unichar in paraparser.py evaluates untrusted user input in
a unichar element in a crafted XML document with '<unichar code="'
followed by arbitrary Python code, a similar issue to CVE-2019-17626.
The vendor has credited the finding on the changes page (https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md#release-353115102019).
# Vulnerability Type
Other (Remote Code Execution)
# Vendor of Product
reportlab
# Affected Product Code Base
https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md (all reportlab versions < 3.5.31)
# Affected Component
paraparser/platypus
# Attack Type
Remote
# Impact
Code execution: true
# Attack Vectors
To exploit the issue, as with CVE-2019-17626, a malicious user supplies
paragraph markup containing a crafted 'unichar' tag whose code attribute
holds Python code, then uses ReportLab's feature to generate a PDF of the
document; the attribute value is evaluated during parsing.
# Reference
https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md
# Has vendor confirmed or acknowledged the vulnerability?
true
# Discoverer
Ravi Prakash Giri
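Added illustration, not taken from the advisory above or from ReportLab's code base: a constructed, minimal stand-in for the <unichar> handling in a paragraph parser, showing the eval() pattern the description attributes to start_unichar next to a hardened handler that accepts only an integer literal. The regexes, render(), render_safe() and the SIDE_EFFECTS list are assumptions made for the demonstration, and the hardened version is this example's own hardening, not the vendor's 3.5.31 fix.

```python
import re
import unicodedata

# Constructed stand-in for a paraparser-style <unichar> handler (not
# ReportLab's code). SIDE_EFFECTS is an assumption for the demo: it records
# whether attacker-supplied Python actually executed.
SIDE_EFFECTS = []

UNICHAR_RE = re.compile(r'<unichar\s+([^>]*?)\s*/?>')
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_attrs(attr_text):
    """Turn 'code="0x41" name="..."' into a dict (assumed helper)."""
    return dict(ATTR_RE.findall(attr_text))


def unichar_vulnerable(attr):
    """Mirrors the pre-3.5.31 pattern the advisory describes: the code
    attribute is handed straight to eval(), so any Python expression runs."""
    if 'name' in attr:
        return unicodedata.lookup(attr['name'])
    if 'code' in attr:
        return chr(int(eval(attr['code'])))  # untrusted markup evaluated
    raise ValueError('<unichar/> needs a name or code attribute')


def unichar_hardened(attr):
    """Same contract, but the code attribute must be an integer literal
    (decimal, 0x.., 0o.., 0b..). int(s, 0) parses; it never executes code."""
    if 'name' in attr:
        return unicodedata.lookup(attr['name'])
    if 'code' in attr:
        code = attr['code'].strip()
        try:
            value = int(code, 0)
        except ValueError:
            raise ValueError('<unichar/> invalid code attribute %r' % code)
        if not 0 <= value <= 0x10FFFF:
            raise ValueError('<unichar/> code out of range: %r' % code)
        return chr(value)
    raise ValueError('<unichar/> needs a name or code attribute')


def render(markup, handler):
    """Replace every <unichar .../> in markup with the character handler returns."""
    return UNICHAR_RE.sub(lambda m: handler(parse_attrs(m.group(1))), markup)


def render_safe(markup, handler):
    """Return (text, None) on success or (None, error) when input is rejected."""
    try:
        return render(markup, handler), None
    except (ValueError, KeyError) as exc:
        return None, str(exc)


# Constructed inputs: a legitimate paragraph, and a crafted one whose code
# attribute is a Python expression with a side effect that evaluates to 0x41.
BENIGN = ('Euro sign: <unichar code="0x20AC"/> and '
          '<unichar name="GREEK SMALL LETTER ALPHA"/>')
PAYLOAD = '<unichar code="(SIDE_EFFECTS.append(\'attacker code ran\'), 0x41)[1]"/>'

if __name__ == '__main__':
    print(render(BENIGN, unichar_vulnerable))      # Euro sign: € and α
    print(render(BENIGN, unichar_hardened))        # same output
    print(render(PAYLOAD, unichar_vulnerable), SIDE_EFFECTS)  # 'A', code ran
    print(render_safe(PAYLOAD, unichar_hardened))  # (None, 'invalid code ...')
```

Both handlers produce identical output for legitimate markup; only the vulnerable one turns the crafted attribute into executed Python. The check to carry into any similar parser is that numeric attributes are parsed with int()/int(s, 0), never with eval(), and that the rejection path does not fall back to evaluating the value.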