CVE-2020-28463Server-Side Request Forgery in Reportlab

CWE-918Server-Side Request Forgery6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 27.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ReportlabDebian Python-reportlabFedoraproject Fedora
Timeline
PublishedFeb 18
Latest updateMar 29

Description

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

PyPIreportlab/reportlab< 3.5.55
debiandebian/python-reportlab< python-reportlab 3.5.55-1 (bookworm)

Also affects: Fedora 34, 35

🔴Vulnerability Details

3
GHSA
Server-side Request Forgery (SSRF) via img tags in reportlab2021-03-29
OSV
Server-side Request Forgery (SSRF) via img tags in reportlab2021-03-29
OSV
CVE-2020-28463: All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags2021-02-18

📋Vendor Advisories

2
Red Hat
python-reportlab: Server-side request forgery via img tags2021-02-18
Debian
CVE-2020-28463: python-reportlab - All versions of package reportlab are vulnerable to Server-side Request Forgery ...2020