Reportlab · Reportlab · CVE-2023-33733
**Name of the Vulnerable Software and Affected Versions**
ReportLab 3.6.12 and earlier (fixed in 3.6.13)
**Description**
The issue lies in the `rl_safe_eval()` function of the ReportLab library, a restricted expression evaluator that the library uses while rendering document markup (the weakness is classed as improper control of code generation, CWE-94). The restrictions that the `rl_safe_eval` sandbox places on the evaluated expression can be bypassed, so an attacker who controls text that ReportLab renders into a PDF can execute arbitrary code on the host that generates the document. The known entry point is markup passed to `Paragraph`: a colour attribute such as `<font color="...">` is resolved through `toColor()`, which falls back to `rl_safe_eval()` for any value that is neither a known colour name nor a hex literal. Note that the attacker-controlled input is the markup fed into ReportLab, not a PDF file that ReportLab parses.
**Recommendations**
For ReportLab 3.6.12 and earlier, upgrade to 3.6.13 or later, which closes the sandbox bypass. Where an upgrade cannot be deployed immediately: do not pass untrusted markup to `Paragraph` or to other APIs whose attribute values are evaluated, or validate colour and similar attributes against a strict allow-list of literal values (colour names and `#hex`) before rendering, so that no attacker-controlled string can reach `rl_safe_eval()`; if the application never needs expression-valued attributes, restrict the use of `rl_safe_eval` altogether rather than relying on its sandbox. No further mitigation measures are known at this time.
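The allow-list check described above, as an added example that is not part of the advisory or of ReportLab's own code. It assumes (as the known vector for this CVE) that colour-bearing attributes in `Paragraph` markup reach `toColor()` and, from there, `rl_safe_eval()` on unpatched releases; it therefore rejects any attribute whose name contains `color` unless the value is a bare colour name or a `#hex` literal. The parser, the colour-name subset and the sample markup are constructed for illustration; a deployment should take the name list from `reportlab.lib.colors.getAllNamedColors()`.

```python
"""Allow-list check for colour attributes in ReportLab Paragraph markup.

Added example, not ReportLab code.  Assumption: on ReportLab <= 3.6.12 a
colour attribute that is neither a known name nor a #hex literal is handed
to rl_safe_eval() via toColor(), so rejecting every non-literal colour value
keeps untrusted markup away from that code path.
"""
import re
from html.parser import HTMLParser

# Accept only #rgb, #rrggbb or #rrggbbaa literals.
_HEX_COLOR = re.compile(r"^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})$")

# Illustrative subset of colour names; a real deployment would load the full
# list from reportlab.lib.colors.getAllNamedColors().
_NAMED_COLORS = frozenset({
    "black", "white", "red", "green", "blue", "yellow", "gray", "grey",
    "navy", "maroon", "purple", "orange", "pink", "brown", "cyan", "magenta",
})


def is_literal_color(value: str) -> bool:
    """True only for a bare colour name or a #hex literal (whitespace trimmed)."""
    v = value.strip()
    return v.lower() in _NAMED_COLORS or bool(_HEX_COLOR.match(v))


class _ColorAttrCollector(HTMLParser):
    """Collects every attribute whose (lower-cased) name contains 'color':
    color, backColor, textColor, underlineColor, strikeColor and so on."""

    def __init__(self) -> None:
        super().__init__()
        self.values = []  # list of (tag, attribute name, decoded value)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if "color" in name.lower():
                self.values.append((tag, name, value if value is not None else ""))

    # <font color="x"/> is handled exactly like <font color="x">.
    handle_startendtag = handle_starttag


def find_unsafe_colors(markup: str):
    """Return the colour attributes that are not plain literals; empty when clean.

    Entity references in attribute values are decoded by HTMLParser before the
    check, so encoding a bracket as &#91; does not get past the allow-list.
    """
    parser = _ColorAttrCollector()
    parser.feed(markup)
    parser.close()
    return [(t, n, v) for t, n, v in parser.values if not is_literal_color(v)]


def check_markup(markup: str) -> str:
    """Return the markup unchanged if every colour attribute is a literal,
    otherwise raise ValueError naming the first offending attribute."""
    bad = find_unsafe_colors(markup)
    if bad:
        tag, name, value = bad[0]
        raise ValueError(
            f"rejected <{tag} {name}={value!r}>: colour must be a name or #hex literal"
        )
    return markup


# Constructed samples (not real payloads).  An expression-shaped colour value
# is exactly what must never reach toColor() on an unpatched install.
SAMPLE_OK = '<font color="red">hello</font> <font backColor="#00ff00">world</font>'
SAMPLE_BAD = '<font color="[[x for x in [1]]]">hello</font>'

if __name__ == "__main__":
    print("accepted:", check_markup(SAMPLE_OK))
    try:
        check_markup(SAMPLE_BAD)
    except ValueError as exc:
        print("blocked:", exc)
```

Run the check on the markup string immediately before it is passed to `Paragraph`; the rejection is deliberately strict, so values such as `rgb(1,0,0)` or `Color(1,0,0)` that ReportLab would otherwise evaluate are refused as well and must be rewritten as `#hex` by the caller.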