All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags.
Created python-reportlab tracking bugs for this issue:
Affects: fedora-all [bug 1930417]
Set CVSS Confidentiality metrics to Low and Integrity to Low because the contents of the attacked address aren't disclosed, only the presence of the address and potentially the Integrity if the address allows state changing actions via HTTP get method.
This flaw is out of support scope for the following products:
* Red Hat Enterprise Linux 6
* Red Hat Enterprise Linux 7
To learn more about Red Hat Enterprise Linux support scope, please see https://access.redhat.com/support/policy/updates/errata/