Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-14161 | 1 Thecodingmachine | 1 Gotenberg | 2021-09-07 | 4.3 MEDIUM | 6.1 MEDIUM |
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. | |||||
CVE-2020-14160 | 1 Thecodingmachine | 1 Gotenberg | 2021-09-01 | 5.0 MEDIUM | 7.5 HIGH |
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources. | |||||
CVE-2021-23345 | 1 Thecodingmachine | 1 Gotenberg | 2021-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>. | |||||
CVE-2020-13452 | 1 Thecodingmachine | 1 Gotenberg | 2021-01-08 | 7.5 HIGH | 9.8 CRITICAL |
In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. | |||||
CVE-2020-13451 | 1 Thecodingmachine | 1 Gotenberg | 2021-01-08 | 7.5 HIGH | 9.8 CRITICAL |
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. | |||||
CVE-2020-13450 | 1 Thecodingmachine | 1 Gotenberg | 2021-01-08 | 7.5 HIGH | 9.8 CRITICAL |
A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution. | |||||
CVE-2020-13449 | 1 Thecodingmachine | 1 Gotenberg | 2021-01-08 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files. |