PyPi: Weasyprint

CVE-2024-28184

Safety vulnerability ID: 71637

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 09, 2024 Updated at Dec 10, 2024

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of WeasyPrint have a vulnerability that allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs.

Affected package

weasyprint

Latest version: 63.1

The Awesome Document Factory

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-35jj-wx47-4w8r
https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28184

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application