CVE-2023-33733

HIGH

reportlab <= 3.6.12 (fixed in 3.6.13) - Remote Code Execution via Crafted HTML Markup (rl_safe_eval Sandbox Bypass)

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2023-33733. Working PoCs were published by c53elyas, L41KAA, onion2203 and buiduchoang24; the hoangbui24 repository is a README-only writeup with no exploit code.

AI-analyzed exploit summary

This PoC bypasses ReportLab's `rl_safe_eval` sandbox to reach remote code execution. The sandbox evaluates Python expressions embedded in paragraph markup attributes (for example the value of `<font color="...">`). The payload uses a list comprehension to recover the real `type` via `type(type(1))`, builds a custom `Word` subclass of `str` whose comparison and `startswith` methods defeat the sandbox's attribute-name checks, and then reaches `__globals__` through `getattr` to call `os.system`.

Description

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. The NVD wording is imprecise: the attacker-controlled input is HTML-like paragraph markup that ReportLab renders into a PDF, not a PDF file; any application that passes untrusted markup to ReportLab's paragraph parser is exposed. Versions up to and including 3.6.12 are affected, and 3.6.13 contains the fix.
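As an added example (not code from this page, from ReportLab, or from any of the PoCs listed below): a small hardening module for an application that feeds untrusted text into ReportLab's `Paragraph`. It checks a version string against the 3.6.13 fix, escapes untrusted text so the paragraph parser never sees attacker-controlled `<font color="...">` attributes (whose values are what reach `rl_safe_eval`), and flags markup whose color value carries Python expression syntax, which is useful as a logging or rejection hook. `reportlab.Version` is the library's real version attribute; `CONSTRUCTED_PAYLOAD` is a constructed, truncated string shaped like the published PoC and is never evaluated by this code.

```python
"""Hardening helpers for a service that renders untrusted markup to PDF with
ReportLab (CVE-2023-33733 context).  Added example, not ReportLab code and not
any of the public PoCs.  Runs without reportlab installed."""
import html
import re
from typing import Optional, Tuple

# First release containing the rl_safe_eval fix (advisory range: 0 <= affected < 3.6.13).
FIXED_VERSION = (3, 6, 13)


def parse_version(version: str) -> Tuple[int, ...]:
    """'3.6.12' -> (3, 6, 12); a suffix such as '4.0.0rc1' keeps its numeric prefix."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """True when the given reportlab version predates the fix."""
    return parse_version(version) < FIXED_VERSION


def installed_reportlab_is_vulnerable() -> Optional[bool]:
    """Inspect the interpreter's installed reportlab; None when it is not installed."""
    try:
        import reportlab  # reportlab.Version is the package's version string
    except ImportError:
        return None
    return is_vulnerable_version(reportlab.Version)


def safe_paragraph_text(untrusted: str) -> str:
    """Escape untrusted text before it goes into reportlab.platypus.Paragraph.
    Paragraph treats its argument as mini-HTML and passes attribute values such as
    color="..." to rl_safe_eval; escaping '<', '>', '&' and quotes means attacker
    text can never form a tag, so that code path is unreachable for user input."""
    return html.escape(untrusted, quote=True)


# Constructed sample, deliberately truncated and shaped like the published PoC
# (comprehension recovering type via type(type(1)), a 'Word' str subclass, then
# getattr(pow, '__globals__') to reach os).  Nothing here evaluates it.
CONSTRUCTED_PAYLOAD = (
    "<font color=\"[[[getattr(pow, Word('__globals__'))['os'].system('id') "
    "for Word in [orgTypeFun('Word', (str,), {})]] for orgTypeFun in [type(type(1))]]] "
    "and 'red'\">exploit</font>"
)

# Legitimate color values are names or #rrggbb.  Brackets, comprehension keywords,
# type( or dunder names inside a color attribute value are not.
_SUSPECT_COLOR_VALUE = re.compile(
    r"""color\s*=\s*["'][^"']*?(\[|\bfor\b|\btype\s*\(|getattr|__)""",
    re.IGNORECASE,
)


def looks_like_rl_safe_eval_abuse(markup: str) -> bool:
    """Heuristic pre-filter for request logging / rejection of markup whose color
    attribute carries Python expression syntax.  Escaping remains the real control."""
    return _SUSPECT_COLOR_VALUE.search(markup) is not None


def render_user_text_safely(user_text: str) -> str:
    """Markup string to hand to Paragraph(): untrusted content escaped, with any
    styling chosen by the application rather than taken from the input."""
    if looks_like_rl_safe_eval_abuse(user_text):
        raise ValueError("rejected: Python expression syntax in a color attribute")
    return '<font color="black">%s</font>' % safe_paragraph_text(user_text)


if __name__ == "__main__":
    print("installed reportlab vulnerable:", installed_reportlab_is_vulnerable())
    print("payload flagged:", looks_like_rl_safe_eval_abuse(CONSTRUCTED_PAYLOAD))
    print("escaped payload:", safe_paragraph_text(CONSTRUCTED_PAYLOAD)[:60], "...")
```

Upgrading to 3.6.13 or later is the fix; the escaping wrapper is what protects an application that must keep rendering user-supplied text on an older pinned version until it can upgrade, and the heuristic only adds visibility into attempts.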

Exploits (5)

nomisec WORKING POC 120 stars
by c53elyas · poc
https://github.com/c53elyas/CVE-2023-33733

This PoC demonstrates a bypass of ReportLab's sandboxed `rl_safe_eval` to achieve remote code execution via a custom `type` class manipulation and attribute access bypass. The exploit leverages a crafted `Word` class to bypass safety checks and access restricted attributes.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: ReportLab Python library (versions affected by CVE-2023-33733)
No auth needed
Prerequisites: Target application must process untrusted HTML input with ReportLab
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 2 stars
by L41KAA · poc
https://github.com/L41KAA/CVE-2023-33733-Exploit-PoC

This is a Python-based exploit PoC for CVE-2023-33733, which leverages a command injection vulnerability in the target software. The script allows for authenticated RCE by sending a malicious payload via a crafted multipart/form-data request to the /leaveRequest endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unknown (likely a web application with a leave request feature)
Auth required
Prerequisites: Valid session cookie or credentials for authentication · Network access to the target host and port
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 1 star
by onion2203 · poc
https://github.com/onion2203/Lab_Reportlab

This repository contains a Flask-based web application designed to test CVE-2023-33733, a vulnerability in ReportLab. The application allows users to upload HTML files, which are then converted to PDFs using ReportLab's SimpleDocTemplate, potentially exposing the vulnerability.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: ReportLab (version not specified)
No auth needed
Prerequisites: Flask · ReportLab · Python environment
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 1 star
by buiduchoang24 · poc
https://github.com/buiduchoang24/CVE-2023-33733

This repository contains a working PoC for CVE-2023-33733, demonstrating an RCE vulnerability in ReportLab v3.6.12. The exploit involves uploading a malicious HTML file to trigger remote code execution via the ReportLab library's handling of HTML content.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ReportLab v3.6.12
No auth needed
Prerequisites: Network access to the target server · ReportLab v3.6.12 installed on the target
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP
by hoangbui24 · poc
https://github.com/hoangbui24/CVE-2023-33733

The repository contains only a README.md file mentioning CVE-2023-33733, a Remote Code Execution vulnerability in the Reportlab Library. No exploit code or technical details are provided.

Classification
Writeup 30%
Attack Type
Rce
Complexity
Theoretical
Reliability
Theoretical
Target: Reportlab Library (version unspecified)
No auth needed
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.8
EPSS 0.3023
EPSS Percentile 96.8%
Attack Vector LOCAL (as scored in the NVD vector; the PoC prerequisites above describe server-side rendering of untrusted HTML received over the network, where the effective vector is remote)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (2)
pypi/reportlab: >= 0, < 3.6.13 (PyPI)
reportlab/reportlab: <= 3.6.12
Published Jun 05, 2023
Tracked Since Feb 18, 2026