CVE-2020-27998: Missing Authorization

October 29, 2020 (updated July 21, 2021)

An issue was discovered in FastReport. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.

References

github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0
github.com/FastReports/FastReport/pull/206
nvd.nist.gov/vuln/detail/CVE-2020-27998
opensource.fast-report.com/2020/09/report-script-security.html
securitylab.github.com/advisories/GHSL-2020-143-FastReportsInc-FastReports

Detect and mitigate CVE-2020-27998 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →