June 1, 2023
RCE Vulnerability Affecting ReportLab PDF Library Exploited in the Wild
A researcher released a proof-of-concept exploit for a Remote Code Execution (RCE) vulnerability affecting ReportLab Toolkit, a popular Python library for generating PDF files, including from HTML input.
The issue was reported to ReportLab's developers upon discovery.
- CVE-2023-33733 – RCE vulnerability that allows an attacker to bypass the sandbox restrictions of the 'rl_safe_eval' function, a restricted evaluator that is supposed to prevent expressions embedded in untrusted input from executing arbitrary code.
The vulnerability affects all ReportLab versions prior to 3.6.13, the release that contains the fix.
CYREBRO recommends updating the PDF library to ReportLab version 3.6.13 or later.
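Because the fix is a version bump rather than a configuration change, the practical check is a dependency audit: find every environment that pins ReportLab below 3.6.13. The script below is an added example (not CYREBRO's or ReportLab's code) that parses `pip freeze` output and, optionally, the locally installed package metadata, and flags vulnerable pins. The sample freeze output is constructed for illustration; the version comparison is a small hand-rolled PEP 440 subset (release numbers plus pre-/post-release suffixes) so the script runs without the `packaging` library.

```python
"""Audit Python environments for ReportLab versions affected by CVE-2023-33733.

Added example, not code from CYREBRO or the ReportLab project.
Vulnerable: every reportlab release before 3.6.13 (first fixed release).
"""
import re
from importlib import metadata
from typing import List, Optional, Tuple

FIXED_VERSION = "3.6.13"  # first release that hardens rl_safe_eval

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")
_FREEZE_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==(\S+)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.6.12', '3.6.13rc1' or '3.6.13.post1' into a comparable tuple.

    Release numbers are padded to three components. A trailing marker orders
    pre-releases (0) below the final release (1) and post-releases (2) above it,
    so '3.6.13rc1' < '3.6.13' < '3.6.13.post1'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))
    suffix = m.group(2).lower()
    if not suffix:
        marker = 1
    elif suffix.startswith((".post", "post")):
        marker = 2
    else:
        marker = 0  # a, b, rc, dev ... all sort below the final release
    return nums + (marker,)


def is_vulnerable(version: str) -> bool:
    """True if this ReportLab version predates the CVE-2023-33733 fix."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def audit_freeze(freeze_output: str) -> List[Tuple[str, str, bool]]:
    """Return (package, version, vulnerable) for every reportlab pin found.

    Lines that are not 'name==version' (comments, editable installs,
    'pkg @ url' pins) are skipped; those need a manual look.
    """
    findings = []
    for line in freeze_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _FREEZE_RE.match(line)
        if not m:
            continue
        name, ver = m.group(1), m.group(2)
        if name.lower().replace("_", "-") == "reportlab":
            findings.append((name, ver, is_vulnerable(ver)))
    return findings


def check_installed() -> Optional[Tuple[str, bool]]:
    """Inspect the interpreter's own environment; None if reportlab is absent."""
    try:
        ver = metadata.version("reportlab")
    except metadata.PackageNotFoundError:
        return None
    return ver, is_vulnerable(ver)


# Constructed sample of `pip freeze` output, not captured from a real host.
SAMPLE_FREEZE = """\
Django==4.2.1
reportlab==3.6.12
xhtml2pdf==0.2.11
"""

if __name__ == "__main__":
    for name, ver, vuln in audit_freeze(SAMPLE_FREEZE):
        status = "VULNERABLE (update to >= 3.6.13)" if vuln else "ok"
        print(f"{name}=={ver}: {status}")
    local = check_installed()
    if local:
        print(f"installed reportlab {local[0]}: {'VULNERABLE' if local[1] else 'ok'}")
```

Run it against `pip freeze` output collected from each build image or virtualenv; any `reportlab @ file://...` or editable pin is skipped rather than judged, so treat those as unknown and confirm the version by hand.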