Name of the Vulnerable Software and Affected Versions ReportLab versions prior to 3.5.27

Description The issue allows remote code execution due to the use of eval() in the toColor() function within colors.py. This can be exploited by crafting a malicious XML document that includes arbitrary Python code, for example, using the <span color=" tag followed by the malicious code.

Recommendations For ReportLab versions prior to 3.5.27, update to version 3.5.27 or later to resolve the issue. As a temporary workaround, consider restricting the use of the toColor() function or disabling the evaluation of user-supplied input in the colors.py module until a patch is applied. Avoid using the eval() function with untrusted input to minimize the risk of exploitation.