Filtered by vendor Thecodingmachine
Filtered by product Gotenberg
Total: 7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2021-23345 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 5.3 Medium | All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as `<iframe src='file:///etc/passwd'>`. |
CVE-2020-14161 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 6.1 Medium | It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. |
CVE-2020-14160 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 7.5 High | An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources. |
CVE-2020-13452 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 9.8 Critical | In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. |
CVE-2020-13451 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 9.8 Critical | An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. |
CVE-2020-13450 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 9.8 Critical | A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution. |
CVE-2020-13449 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 7.5 High | A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files. |