WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-09T00:50:32.115Z

Updated: 2024-08-02T00:48:49.410Z

Reserved: 2024-03-06T17:35:00.857Z

Link: CVE-2024-28184

cve-icon Vulnrichment

Updated: 2024-08-02T00:48:49.410Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-09T01:15:07.573

Modified: 2024-11-21T09:05:58.833

Link: CVE-2024-28184

cve-icon Redhat

No data.