WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if url_fetcher is configured to prevent access to files and URLs.