CVE-2019-17626

Published: 2019-10-16T12:15Z

Last Modified: 2024-11-21T04:32Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt