WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-03-09T00:50:32.115Z
Updated: 2024-03-09T00:50:32.115Z
Reserved: 2024-03-06T17:35:00.857Z
Link: CVE-2024-28184
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-03-09T01:15:07.573
Modified: 2024-03-23T03:15:11.827
Link: CVE-2024-28184
JSON object: View
Redhat Information
No data.
CWE