Exploit released for RCE flaw in popular ReportLab PDF library


ReportLab Toolkit, a well-known Python library used by many projects to create PDF files from HTML input, contains a remote code execution (RCE) vulnerability for which a researcher has provided a workable attack. An estimated 3.5 million people download ReportLab Toolkit each month from PyPI (Python Package Index), which is utilised by numerous applications as a PDF library.

The vulnerability’s proof-of-concept (PoC) attack, identified as CVE-2023-33733, was posted on GitHub yesterday along with a write-up that offers technical information on the bug, boosting the possibility that it will be used in the wild.

Read More…