A vulnerability was found in ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. Reference: https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md
Created python-reportlab tracking bugs for this issue: Affects: fedora-all [bug 1769662]
Applications that use python-reportlab to generate PDFs and accept untrusted input that may be evaluated as a color for an element of the generated PDF, could be vulnerable to this flaw. It allows a possibly remote attacker to run any python code on the system.
Mitigation: No known mitigation available.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0197 https://access.redhat.com/errata/RHSA-2020:0197
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17626
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0195 https://access.redhat.com/errata/RHSA-2020:0195
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0201 https://access.redhat.com/errata/RHSA-2020:0201
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0230 https://access.redhat.com/errata/RHSA-2020:0230
Statement: This vulnerability will not be fixed in Red Hat Quay because it only affects a non-supported feature which is disabled behind a feature flag.