bleepingcomputer[.]com/news/security/exploit-released-for-rce-flaw-in-popular-reportlab-pdf-library/
A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab Toolkit, a popular Python library used by numerous projects to generate PDF files from HTML input.
ReportLab Toolkit is used by multiple projects as a PDF library and has approximately 3.5 million monthly downloads on PyPI (Python Package Index).
There have been a lot of PDF apps on GOTD, plus there's a lot of free PDF software available, and any of them that use this toolkit prior to the fix, released on April 27, 2023, are vulnerable.