{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-28463","assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","assignerShortName":"snyk","dateUpdated":"2024-09-17T01:27:03.761Z","dateReserved":"2020-11-12T00:00:00.000Z","datePublished":"2021-02-18T16:00:21.220Z"},"containers":{"cna":{"title":"Server-side Request Forgery (SSRF)","datePublic":"2021-02-18T00:00:00.000Z","providerMetadata":{"orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk","dateUpdated":"2023-09-29T21:06:26.944Z"},"descriptions":[{"lang":"en","value":"All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src=\"http://127.0.0.1:5000\" valign=\"top\"/> 4. Create an nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceeded to send a server-side request 7. 
dodyssey.py will show an error since there is no image file at the URL, but we were still able to perform the SSRF"}],"affected":[{"vendor":"n/a","product":"reportlab","versions":[{"version":"0","status":"affected","lessThan":"unspecified","versionType":"custom"}]}],"references":[{"url":"https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145"},{"url":"https://www.reportlab.com/docs/reportlab-userguide.pdf"},{"name":"FEDORA-2021-13cdc0ab0e","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/"},{"name":"FEDORA-2021-04bfae8300","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/"},{"name":"[debian-lts-announce] 20230929 [SECURITY] [DLA 3590-1] python-reportlab security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"}],"credits":[{"lang":"en","value":"Karan Bamal"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","exploitCodeMaturity":"PROOF_OF_CONCEPT","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","baseScore":6.5,"temporalScore":6.2,"baseSeverity":"MEDIUM","temporalSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Server-side Request Forgery (SSRF)"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T16:40:59.361Z"},"title":"CVE Program 
Container","references":[{"url":"https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145","tags":["x_transferred"]},{"url":"https://www.reportlab.com/docs/reportlab-userguide.pdf","tags":["x_transferred"]},{"name":"FEDORA-2021-13cdc0ab0e","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/"},{"name":"FEDORA-2021-04bfae8300","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/"},{"name":"[debian-lts-announce] 20230929 [SECURITY] [DLA 3590-1] python-reportlab security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html"}]}]}}