PT-2020-6960 · Reportlab+2 · Reportlab+2

Karan Bamal · Published 2020-10-27 · Updated 2023-09-29 · CVE-2020-28463

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: reportlab, versions prior to the version with the fix
Description: Server-side Request Forgery (SSRF) via img tags. When markup containing an img tag is converted to PDF, reportlab fetches the URL given in the tag's src attribute without sufficient validation of the request target, so a remote attacker who controls that input can make the server issue requests on their behalf and obtain confidential data. The vulnerability is exploited by injecting an img tag with a malicious src attribute into a text file that is converted to PDF. It can be demonstrated by installing a vulnerable package of reportlab, injecting the malicious img tag into the text file, and starting a netcat listener at the address named in src to capture the server-side request. To reduce the risk, use trustedSchemes and trustedHosts as specified in Reportlab's documentation.
Recommendations: Update to the version with the fix and configure trustedSchemes and trustedHosts as specified in Reportlab's documentation, so that image fetches are limited to the schemes and hosts the application actually needs; these settings were introduced together with the fix and are not available in earlier versions. Until the update can be applied, restrict the use of img tags in reportlab as a temporary workaround, and never render img tags whose src comes from an untrusted source.
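The workaround above needs an actual check in front of the renderer. The following Python is an added example, not ReportLab's own code: it applies the same idea as the trustedSchemes/trustedHosts settings named in this advisory (an allowlist of schemes and host patterns), but as a pre-filter over the paragraph markup, so it also works on versions that predate those settings. The policy values (https only, the hosts cdn.example.com and *.static.example.com), the function names and the sample markup are all constructed for illustration; the check is done on the parsed scheme and hostname rather than on substrings, which is what defeats scheme-relative, userinfo and file:/data: variants of the payload.

```python
"""Allowlist pre-filter for <img src> URLs in untrusted paragraph markup.

Added example, not ReportLab's own code. Run it before markup is handed to a
PDF renderer such as ReportLab's Paragraph(), so the renderer never sees an
img tag whose src points outside an approved set of schemes and hosts.
Policy values below are constructed for illustration.
"""
import fnmatch
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed policy: deliberately strict (no http, no file:, no data: URLs).
# Host patterns are shell-style globs matched against the parsed hostname.
TRUSTED_SCHEMES = frozenset({"https"})
TRUSTED_HOSTS = ("cdn.example.com", "*.static.example.com")

# Locates img tags so that rejected ones can be cut out of the markup.
_IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)


class _ImgSrcCollector(HTMLParser):
    """Collects the src attribute of every img tag. HTMLParser handles the
    quoting and routes the self-closing <img .../> form to handle_starttag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            for name, value in attrs:
                if name.lower() == "src":
                    self.srcs.append(value or "")


def img_srcs(markup):
    """Return every img src found in the markup, in document order."""
    parser = _ImgSrcCollector()
    parser.feed(markup)
    parser.close()
    return parser.srcs


def is_trusted_src(src, schemes=TRUSTED_SCHEMES, hosts=TRUSTED_HOSTS):
    """True only if src has an allowed scheme and its host matches a trusted
    pattern. Scheme-relative (//host/x), userinfo tricks (https://good@evil/x)
    and file:/data: URLs fail because urlsplit's parsed scheme and hostname
    are checked, not the raw string."""
    parts = urlsplit(src.strip())
    if parts.scheme.lower() not in schemes:
        return False
    host = parts.hostname or ""  # already lower-cased, port and userinfo removed
    return any(fnmatch.fnmatchcase(host, pattern) for pattern in hosts)


def untrusted_img_srcs(markup):
    """List the img src values the policy rejects (empty list means safe)."""
    return [src for src in img_srcs(markup) if not is_trusted_src(src)]


def strip_untrusted_imgs(markup):
    """Return the markup with every img tag that fails the policy removed.
    Tags without any src are removed too: there is nothing safe to render."""

    def keep_or_drop(match):
        tag = match.group(0)
        srcs = img_srcs(tag)
        return tag if srcs and all(is_trusted_src(s) for s in srcs) else ""

    return _IMG_TAG.sub(keep_or_drop, markup)


if __name__ == "__main__":
    # Constructed sample: the SSRF payload from the advisory (a src pointing
    # at an attacker-controlled listener) next to a legitimate logo.
    sample = (
        '<para>Invoice <img src="http://127.0.0.1:4444/probe" width="1" height="1"/>'
        ' <img src="https://cdn.example.com/logo.png" width="40" height="12"/></para>'
    )
    print("rejected:", untrusted_img_srcs(sample))
    print("cleaned: ", strip_untrusted_imgs(sample))
```

Rejecting the whole document (a non-empty untrusted_img_srcs result) is the safer choice for input that should never carry images at all; strip_untrusted_imgs is for the case where some image sources are legitimate. Either way the filter runs on the markup string, before any fetch can happen, and on patched versions it complements rather than replaces the trustedHosts/trustedSchemes configuration.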

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-01492
CVE-2020-28463
DLA-3590-1
GHSA-MPVW-25MG-59VX
MGASA-2021-0521
OESA-2022-1887
OPENSUSE-SU-2021:1147-1
OPENSUSE-SU-2021:2641-1
OPENSUSE-SU-2021_1147-1
OPENSUSE-SU-2021_2641-1
PYSEC-2021-146
SNYK-PYTHON-REPORTLAB-1022145
SUSE-SU-2021:3209-1

Affected Products

Astra Linux
Suse
Reportlab