{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35424?format=json","vulnerability_id":"VCID-7ae4-65em-sbdg","summary":"ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color=\"' followed by arbitrary Python code.","aliases":[{"alias":"CVE-2019-17626"},{"alias":"GHSA-qpg2-vx7j-3869"},{"alias":"PYSEC-2019-117"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5992?format=json","purl":"pkg:deb/debian/python-reportlab@3.3.0-2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.3.0-2%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5993?format=json","purl":"pkg:deb/debian/python-reportlab@3.5.13-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.5.13-1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/125334?format=json","purl":"pkg:deb/debian/python-reportlab@3.5.34-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.5.34-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/5994?format=json","purl":"pkg:deb/debian/python-reportlab@3.5.59-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.5.59-2"},{"url":"http://public2.vulnerablecode.io/api/packages/125336?format=json","purl":"pkg:deb/debian/python-reportlab@3.5.59-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.5.59-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/125333?format=json","purl":"pkg:deb/debian/python-reportlab@3.6.12-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.6.12-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/125339?format=json","purl":"pkg:deb/debian/python-reportlab@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/125337?format=json","purl":"pkg:deb/debian/python-reportlab@4.4.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@4.4.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/125338?format=json","purl":"pkg:deb/debian/python-reportlab@4.5.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@4.5.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/192832?format=json","purl":"pkg:ebuild/dev-python/reportlab@3.5.42","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/reportlab@3.5.42"},{"url":"http://public2.vulnerablecode.io/api/packages/14443?format=json","purl":"pkg:pypi/reportlab@3.5.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.28"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5984?format=json","purl":"pkg:deb/debian/python-reportlab@1.13-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@1.13-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5985?format=json","purl":"pkg:deb/debian/python-reportlab@1.20debian-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@1.20debian-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5986?format=json","purl":"pkg:deb/debian/python-reportlab@2.0dfsg-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@2.0dfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5987?format=json","purl":"pkg:deb/debian/python-reportlab@2.1dfsg-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@2.1dfsg-2"},{"url":"http://public2.vulnerablecode.io/api/packages/5988?format=json","purl":"pkg:deb/debian/python-reportlab@2.4-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@2.4-4"},{"url":"http://public2.vulnerablecode.io/api/packages/5989?format=json","purl":"pkg:deb/debian/python-reportlab@2.5-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@2.5-1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/5990?format=json","purl":"pkg:deb/debian/python-reportlab@3.1.8-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.1.8-3"},{"url":"http://public2.vulnerablecode.io/api/packages/5991?format=json","purl":"pkg:deb/debian/python-reportlab@3.1.8-3%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.1.8-3%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5992?format=json","purl":"pkg:deb/debian/python-reportlab@3.3.0-2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.3.0-2%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5993?format=json","purl":"pkg:deb/debian/python-reportlab@3.5.13-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-reportlab@3.5.13-1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/14411?format=json","purl":"pkg:pypi/reportlab@2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/14412?format=json","purl":"pkg:pypi/reportlab@2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/14413?format=json","purl":"pkg:pypi/reportlab@2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/14414?format=json","purl":"pkg:pypi/reportlab@2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/14415?format=json","purl":"pkg:pypi/reportlab@2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/14416?format=json","purl":"pkg:pypi/reportlab@2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/14417?format=json","purl":"pkg:pypi/reportlab@3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/14418?format=json","purl":"pkg:pypi/reportlab@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/14419?format=json","purl":"pkg:pypi/reportlab@3.1.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.1.44"},{"url":"http://public2.vulnerablecode.io/api/packages/14420?format=json","purl":"pkg:pypi/reportlab@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/14421?format=json","purl":"pkg:pypi/reportlab@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/14422?format=json","purl":"pkg:pypi/reportlab@3.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/14423?format=json","purl":"pkg:pypi/reportlab@3.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/14424?format=json","purl":"pkg:pypi/reportlab@3.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/14425?format=json","purl":"pkg:pypi/reportlab@3.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/14426?format=json","purl":"pkg:pypi/reportlab@3.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/14427?format=json","purl":"pkg:pypi/reportlab@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/14428?format=json","purl":"pkg:pypi/reportlab@3.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/14429?format=json","purl":"pkg:pypi/reportlab@3.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/14430?format=json","purl":"pkg:pypi/reportlab@3.5.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/14431?format=json","purl":"pkg:pypi/reportlab@3.5.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.10"},{"url":"http://public2.vulnerablecode.io/api/packages/14432?format=json","purl":"pkg:pypi/reportlab@3.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/14433?format=json","purl":"pkg:pypi/reportlab@3.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.12"},{"url":"http://public2.vulnerablecode.io/api/packages/14434?format=json","purl":"pkg:pypi/reportlab@3.5.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.13"},{"url":"http://public2.vulnerablecode.io/api/packages/14435?format=json","purl":"pkg:pypi/reportlab@3.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.16"},{"url":"http://public2.vulnerablecode.io/api/packages/14436?format=json","purl":"pkg:pypi/reportlab@3.5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.17"},{"url":"http://public2.vulnerablecode.io/api/packages/14437?format=json","purl":"pkg:pypi/reportlab@3.5.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.18"},{"url":"http://public2.vulnerablecode.io/api/packages/14438?format=json","purl":"pkg:pypi/reportlab@3.5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/14439?format=json","purl":"pkg:pypi/reportlab@3.5.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.20"},{"url":"http://public2.vulnerablecode.io/api/packages/14440?format=json","purl":"pkg:pypi/reportlab@3.5.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.21"},{"url":"http://public2.vulnerablecode.io/api/packages/14441?format=json","purl":"pkg:pypi/reportlab@3.5.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.23"},{"url":"http://public2.vulnerablecode.io/api/packages/14442?format=json","purl":"pkg:pypi/reportlab@3.5.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"},{"vulnerability":"VCID-gn2v-c44r-7bc8"},{"vulnerability":"VCID-jkaa-rknn-p7au"},{"vulnerability":"VCID-u1pp-ngnq-ybar"},{"vulnerability":"VCID-vz5z-udbg-vufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/reportlab@3.5.26"},{"url":"http://public2.vulnerablecode.io/api/packages/143031?format=json","purl":"pkg:rpm/redhat/python-reportlab@2.3-3.el6_10?arch=1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-reportlab@2.3-3.el6_10%3Farch=1"},{"url":"http://public2.vulnerablecode.io/api/packages/143030?format=json","purl":"pkg:rpm/redhat/python-reportlab@2.5-9.el7_7?arch=1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-reportlab@2.5-9.el7_7%3Farch=1"},{"url":"http://public2.vulnerablecode.io/api/packages/143032?format=json","purl":"pkg:rpm/redhat/python-reportlab@3.4.0-6.el8_0?arch=2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-reportlab@3.4.0-6.el8_0%3Farch=2"},{"url":"http://public2.vulnerablecode.io/api/packages/143033?format=json","purl":"pkg:rpm/redhat/python-reportlab@3.4.0-6.el8_1?arch=2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7ae4-65em-sbdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-reportlab@3.4.0-6.el8_1%3Farch=2"}],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00002.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0195","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2020:0195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0197","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2020:0197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0201","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2020:0201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0230","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2020:0230"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17626.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17626.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2019-17626","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2019-17626"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17626","reference_id":"","reference_type":"","scores":[{"value":"0.16839","scoring_system":"epss","scoring_elements":"0.95077","published_at":"2026-06-04T12:55:00Z"},{"value":"0.16839","scoring_system":"epss","scoring_elements":"0.95086","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17626"},{"reference_url":"https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code"},{"reference_url":"https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17626"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qpg2-vx7j-3869","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpg2-vx7j-3869"},{"reference_url":"https://github.com/MrBitBucket/reportlab-mirror","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/MrBitBucket/reportlab-mirror"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/reportlab/PYSEC-2019-117.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/reportlab/PYSEC-2019-117.yaml"},{"reference_url":"https://hg.reportlab.com/hg-public/reportlab/rev/51a521ad7dd3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hg.reportlab.com/hg-public/reportlab/rev/51a521ad7dd3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17626","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17626"},{"reference_url":"https://security.gentoo.org/glsa/202007-35","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://security.gentoo.org/glsa/202007-35"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240719-0006","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240719-0006"},{"reference_url":"https://usn.ubuntu.com/4273-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4273-1"},{"reference_url":"https://usn.ubuntu.com/4273-1/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://usn.ubuntu.com/4273-1/"},{"reference_url":"https://web.archive.org/web/20191016111823/https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20191016111823/https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code"},{"reference_url":"https://www.debian.org/security/2020/dsa-4663","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://www.debian.org/security/2020/dsa-4663"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1769661","reference_id":"1769661","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1769661"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942763","reference_id":"942763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942763"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/","reference_id":"NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSCTOE3DITFICY2XKBYZ5WAF5TSQ52DM/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240719-0006/","reference_id":"ntap-20240719-0006","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240719-0006/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/","reference_id":"ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-07-19T16:35:28Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/"}],"weaknesses":[{"cwe_id":95,"name":"Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')","description":"The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. eval)."},{"cwe_id":91,"name":"XML Injection (aka Blind XPath Injection)","description":"The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.6 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ae4-65em-sbdg"}