Django REST framework
Api Root
Package List
Package Instance
Format
json
api
admin
Package Instance
Lookup for vulnerable packages by Package URL.
Purl
pkg:pypi/reportlab@3.4.0
Type
pypi
Namespace
Name
reportlab
Version
3.4.0
Qualifiers
Subpath
Is_vulnerable
true
Next_non_vulnerable_version
3.5.55
Latest_non_vulnerable_version
3.6.13
Affected_by_vulnerabilities
0
url
VCID-7ae4-65em-sbdg
vulnerability_id
VCID-7ae4-65em-sbdg
summary
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
references
0
reference_url
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html
reference_id
reference_type
scores
url
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html
1
reference_url
https://access.redhat.com/errata/RHSA-2020:0195
reference_id
reference_type
scores
url
https://access.redhat.com/errata/RHSA-2020:0195
2
reference_url
https://access.redhat.com/errata/RHSA-2020:0197
reference_id
reference_type
scores
url
https://access.redhat.com/errata/RHSA-2020:0197
3
reference_url
https://access.redhat.com/errata/RHSA-2020:0201
reference_id
reference_type
scores
url
https://access.redhat.com/errata/RHSA-2020:0201
4
reference_url
https://access.redhat.com/errata/RHSA-2020:0230
reference_id
reference_type
scores
url
https://access.redhat.com/errata/RHSA-2020:0230
5
reference_url
https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
reference_id
reference_type
scores
url
https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
6
reference_url
https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md
reference_id
reference_type
scores
url
https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md
7
reference_url
https://github.com/advisories/GHSA-qpg2-vx7j-3869
reference_id
reference_type
scores
url
https://github.com/advisories/GHSA-qpg2-vx7j-3869
8
reference_url
https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html
reference_id
reference_type
scores
url
https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html
9
reference_url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/
reference_id
reference_type
scores
url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/
10
reference_url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/
reference_id
reference_type
scores
url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/
11
reference_url
https://security.gentoo.org/glsa/202007-35
reference_id
reference_type
scores
url
https://security.gentoo.org/glsa/202007-35
12
reference_url
https://usn.ubuntu.com/4273-1/
reference_id
reference_type
scores
url
https://usn.ubuntu.com/4273-1/
13
reference_url
https://www.debian.org/security/2020/dsa-4663
reference_id
reference_type
scores
url
https://www.debian.org/security/2020/dsa-4663
fixed_packages
0
url
pkg:pypi/reportlab@3.5.28
purl
pkg:pypi/reportlab@3.5.28
is_vulnerable
true
affected_by_vulnerabilities
0
vulnerability
VCID-jkaa-rknn-p7au
resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.28
aliases
CVE-2019-17626, GHSA-qpg2-vx7j-3869, PYSEC-2019-117
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ae4-65em-sbdg
1
url
VCID-jkaa-rknn-p7au
vulnerability_id
VCID-jkaa-rknn-p7au
summary
url request injection
references
0
reference_url
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28463
reference_id
reference_type
scores
url
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28463
1
reference_url
https://github.com/advisories/GHSA-mpvw-25mg-59vx
reference_id
reference_type
scores
url
https://github.com/advisories/GHSA-mpvw-25mg-59vx
2
reference_url
https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
reference_id
reference_type
scores
url
https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
3
reference_url
https://www.reportlab.com/docs/reportlab-userguide.pdf
reference_id
reference_type
scores
url
https://www.reportlab.com/docs/reportlab-userguide.pdf
4
reference_url
https://security.archlinux.org/AVG-1592
reference_id
AVG-1592
reference_type
scores
0
value
Medium
scoring_system
archlinux
scoring_elements
url
https://security.archlinux.org/AVG-1592
fixed_packages
0
url
pkg:pypi/reportlab@3.5.55
purl
pkg:pypi/reportlab@3.5.55
is_vulnerable
false
affected_by_vulnerabilities
resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.55
aliases
CVE-2020-28463, GHSA-mpvw-25mg-59vx, PYSEC-2021-146, SNYK-PYTHON-REPORTLAB-1022145
risk_score
null
exploitability
null
weighted_severity
null
resource_url
http://public2.vulnerablecode.io/vulnerabilities/VCID-jkaa-rknn-p7au
Fixing_vulnerabilities
Risk_score
null
Resource_url
http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.4.0
×
Create
None
×
Edit
None