WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.
References
Configurations
No configuration.
History
23 Mar 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
09 Mar 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-09 01:15
Updated : 2024-03-23 03:15
NVD link : CVE-2024-28184
Mitre link : CVE-2024-28184
CVE.ORG link : CVE-2024-28184
JSON object : View
Products Affected
No product.
CWE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere