CVE-2024-28184 Information
Description
WeasyPrint helps web developers to create PDF documents. Since version 61.0 there’s a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document even if url_fetcher is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.
Reference
https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r
https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598