Ravi Prakash Giri

**Name of the Vulnerable Software and Affected Versions** ReportLab versions prior to 3.5.31 **Description** The issue is related to the `start unichar` function in `paraparser.py`, which incorrectly processes XML documents. This allows a remote attacker to execute arbitrary code by crafting a malicious XML document with a `<unichar code>` element containing Python code. **Recommendations** For versions prior to 3.5.31, update to version 3.5.31 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `start unichar` function in `paraparser.py` to minimize the risk of exploitation. Avoid evaluating untrusted user input in the `unichar` element of XML documents until the issue is resolved.