cve/CVE-2019-17626.md at 594c8e952101730b1f9f9e6ac2afce8de85a4446

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

786 B

Raw Blame History

CVE-2019-17626

Description

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cve-scores
https://github.com/asa1997/topgear_test

786 B Raw Blame History

CVE-2019-17626

Description

POC

Reference

Github

786 B

Raw Blame History