ReportLab, a widely used Python library for converting HTML to PDF with approximately 3.5 million monthly downloads on PyPI, contains a critical vulnerability that enables the bypassing of sandbox restrictions. This write-up provides detailed insights into the discovery and exploitation of CVE-2023-33733 – a remote code execution (RCE) vulnerability in ReportLab. Given the library’s prevalence… Continue reading How to fix CVE-2023-33733 in ReportLab
First Officer’s log, Terrestrial date, 20220926. Officer of the Deck reporting. We have been getting steady mission updates from the team on [REDACTED] and they are making admirable progress. However, it has not been without complications. I may have to put Lieutenant [REDACTED] in for a commendation for her not taking a Phaser to some… Continue reading CVE-2007-4559 revival and more: first officer’s blog – week 18
A new exploit has been published for a Group Policy vulnerability disclosed back in 2015; it allows remote code execution on vulnerable versions of Windows. While the original CVSS score for the vulnerability was just 3.3, the new exploit may in fact require immediate attention.