Base Score

HIGH7.4

CVE-2024-28184

WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateMar 09, 2024, 01:15

Affected Versions(1)

weasyprint(PyPI)

Introduced61.0

Fixed61.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
weasyprint(PyPI)	61.0	61.2	N/A

Weakness Type (CWE):CWE-829

CVSS Metrics

Base Score

7.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

Base Score

HIGH7.4

Weakness Type (CWE):CWE-829

CVSS Metrics

Base Score

7.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW