CNNVD-202601-3047 Information

CNNVD ID

CNNVD-202601-3047

Related CVE

CVE-2025-68616

• CNNVD Published: 2026-01-19

Description (Chinese)

WeasyPrint是Kozea开源的一种智能解决方案。可帮助 Web 开发人员创建 PDF 文件。 WeasyPrint 68.0之前版本存在代码问题漏洞，该漏洞源于default_url_fetcher存在服务端请求伪造保护绕过，可能导致攻击者访问内部网络资源。

Description (English)

WeasyPrint is an open source smart solution for Kozea. Helps web developers to create PDF files. WeasyPrint 68.0 had a code problem loophole, which stemmed from the existence of a service-end request for false protection, which could lead to attackers accessing internal network resources.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

Kozea

Published

2026-01-19

Last Modified

2026-02-24

References

https://github.com/Kozea/WeasyPrint/commit/b6a14f0f3f4ce9c0c75c1a2d73cb1c5d43f0e565 https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv https://access.redhat.com/security/cve/cve-2025-68616

Patch

https://github.com/Kozea/WeasyPrint/releases