CVE-2020-28463 - log

CVE-2020-28463 edited at 09 May 2021 18:45:39
References
https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
+ https://github.com/advisories/GHSA-mpvw-25mg-59vx
CVE-2020-28463 edited at 19 Feb 2021 09:23:24
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Url request injection
Description
+ All versions of package python-reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation).
References
+ https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
Notes
CVE-2020-28463 created at 19 Feb 2021 09:20:54