Nullie

**Name of the Vulnerable Software and Affected Versions** WeasyPrint versions 61.0 through 61.1 **Description** WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url fetcher` is configured to prevent access to files and URLs. **Recommendations** For WeasyPrint versions 61.0 through 61.1, update to version 61.2 to resolve the issue. As a temporary workaround, check that no PDF attachment is defined in source HTML. Launch WeasyPrint in a sandbox that prevents access to the filesystem and the network.