PT-2024-22317 · Unknown · Weasyprint
Nullie · Published 2024-03-08 · Updated 2024-03-23 · CVE-2024-28184

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: WeasyPrint versions 61.0 through 61.1
Description: WeasyPrint helps web developers create PDF documents. Since version 61.0, a vulnerability allows the content of arbitrary files and URLs to be attached to a generated PDF document, even when the URL fetcher is configured to prevent access to those files and URLs.
Recommendations: For WeasyPrint versions 61.0 through 61.1, update to version 61.2 to resolve the issue. As a temporary workaround, check that no PDF attachment is defined in the source HTML. Launch WeasyPrint in a sandbox that prevents access to the filesystem and the network.
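The temporary workaround above ("check that no PDF attachment is defined in source HTML") can be automated as a pre-check that runs before the HTML is handed to WeasyPrint. The following is an added example, not code from the advisory or from the WeasyPrint project. It assumes that PDF attachments are declared with `<link rel="attachment" href="...">` (the form WeasyPrint documents); the check is deliberately broader and flags any element whose `rel` tokens include `attachment`. The sample HTML documents are constructed for the example.

```python
"""Reject HTML that declares PDF attachments before rendering it with WeasyPrint.

Defensive pre-check for WeasyPrint 61.0/61.1 deployments that cannot upgrade
to 61.2 yet. Only the Python standard library is used, so the check can run
in a separate process from the renderer (for example, a sandbox).
"""
from html.parser import HTMLParser


class AttachmentFinder(HTMLParser):
    """Collect (tag, href) for every element whose rel tokens include 'attachment'.

    Assumption: WeasyPrint declares attachments via <link rel="attachment" href>.
    Matching on any tag with that rel token is intentionally conservative.
    """

    def __init__(self):
        super().__init__()
        self.attachments = []

    def handle_starttag(self, tag, attrs):
        # html.parser lower-cases tag and attribute names for us;
        # self-closing tags (<link .../>) are routed here as well.
        attr = dict(attrs)
        rel_tokens = (attr.get("rel") or "").lower().split()
        if "attachment" in rel_tokens:
            self.attachments.append((tag, attr.get("href")))


def find_pdf_attachments(html):
    """Return a list of (tag, href) pairs for every attachment declared in html."""
    parser = AttachmentFinder()
    parser.feed(html)
    parser.close()
    return parser.attachments


def assert_no_attachments(html):
    """Return html unchanged, or raise ValueError if it declares any attachment.

    Call this on untrusted HTML before passing it to weasyprint.HTML(...).
    """
    found = find_pdf_attachments(html)
    if found:
        targets = ", ".join(f"<{tag} rel=attachment href={href!r}>" for tag, href in found)
        raise ValueError(f"refusing to render: PDF attachment(s) declared in source HTML: {targets}")
    return html


# Constructed sample documents (not taken from the advisory).
SAFE_HTML = (
    "<html><head><link rel='stylesheet' href='style.css'></head>"
    "<body><p>Invoice #1</p></body></html>"
)
UNSAFE_HTML = (
    "<html><head>"
    "<link rel='attachment' href='file:///srv/app/config.ini'>"
    "</head><body>"
    "<a rel='Attachment' href='https://example.invalid/report.csv'>report</a>"
    "</body></html>"
)

if __name__ == "__main__":
    for label, doc in (("safe", SAFE_HTML), ("unsafe", UNSAFE_HTML)):
        try:
            assert_no_attachments(doc)
            print(f"{label}: ok, no attachments declared")
        except ValueError as exc:
            print(f"{label}: {exc}")
```

The check is a stop-gap for the workaround period only: once WeasyPrint is updated to 61.2 the URL fetcher restrictions apply to attachments again, but keeping the pre-check in place costs little and prevents a later regression from silently reintroducing file inclusion into generated PDFs.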


Related Identifiers

CVE-2024-28184
GHSA-35JJ-WX47-4W8R

Affected Products

Weasyprint