<p>Upgrade <code>reportlab</code> to version 3.5.55 or higher.</p>

Server-side Request Forgery (SSRF) Affecting reportlab package, versions [0,3.5.55)

Snyk CVSS

Attack Complexity Low

Confidentiality High

Threat Intelligence

Exploit Maturity Proof of concept

EPSS 0.16% (52^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-REPORTLAB-1022145
published 3 Jan 2021
disclosed 27 Oct 2020
credit Karan Bamal

Report a new vulnerability Found a mistake?

Introduced: 27 Oct 2020

CVE-2020-28463 Open this link in a new tab CWE-918 Open this link in a new tab First added by Snyk

How to fix?

Upgrade reportlab to version 3.5.55 or higher.

Overview

reportlab is a Python library for generating PDFs and graphics.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation), introduced in version 3.5.55.

Steps to reproduce by Karan Bamal:

Download and install the latest package of reportlab
Go to demos -> odyssey -> dodyssey
In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/>
Create a nc listener nc -lp 5000
Run python3 dodyssey.py
You will get a hit on your nc showing we have successfully proceded to send a server side request
dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF