CVE-2023-33733 — Code Injection in Reportlab

CWE-94 — Code Injection11 documents9 sources

Severity

7.8HIGHNVD

EPSS

24.6%

top 3.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Reportlab Debian Python-reportlab Paloalto Pan-os

Timeline

PublishedJun 5

Latest updateFeb 14

Description

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶PyPIreportlab/reportlab< 3.6.13

▶debiandebian/python-reportlab< python-reportlab 3.6.12-1+deb12u1 (bookworm)

▶NVDreportlab/reportlab3.6.12

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

OSV

Reportlab vulnerable to remote code execution↗2023-06-05

▶

OSV

CVE-2023-33733: Reportlab up to v3↗2023-06-05

▶

GHSA

Reportlab vulnerable to remote code execution↗2023-06-05

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Ubuntu

ReportLab vulnerability↗2023-07-03

▶

Red Hat

python-reportlab: remote code execution via supplying a crafted PDF file↗2023-06-05

▶

Debian

CVE-2023-33733: python-reportlab - Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying...↗2023

▶

🕵️Threat Intelligence

Wiz

Crying Out Cloud - May Newsletter | Wiz↗2023-06-06

▶

📄Research Papers

CTF

HTB - Machines / SolarLab↗

▶

CTF

insane / README↗

▶