HIGH 7.5
PYSEC-2024-301
Details
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain
arbitrary local files. This is possible because the application does not
validate the HTML content entered by the user.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / pyhtml2pdf
Introduced in:
0 No fixed version published yet for pyhtml2pdf (pip). Pin to a known-safe version or switch to an alternative.
References
- https://pypi.org/project/pyhtml2pdf/ [PACKAGE]
- https://fluidattacks.com/advisories/oliver/ [EVIDENCE]