← Back

CVE-2024-28184

nvd nist
Published: Mar 9, 2024Modified: Dec 2, 2025

JSON object

Loading...
7.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Exploitability: 3.1 / Impact: 3.7
Source: security-advisories@github.com (Secondary)

Description

WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.

Affected (2)

Kozea
1 product
Weasyprint
Fedoraproject
1 product
Fedora
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Weasyprint
From 61.0 to 61.2
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 40

Related CWEs

CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References (6)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory
Source: security-advisories@github.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.