Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Thecodingmachine Subscribe
Filtered by product Gotenberg
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14161 1 Thecodingmachine 1 Gotenberg 2021-09-07 4.3 MEDIUM 6.1 MEDIUM
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint.
CVE-2020-14160 1 Thecodingmachine 1 Gotenberg 2021-09-01 5.0 MEDIUM 7.5 HIGH
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.
CVE-2021-23345 1 Thecodingmachine 1 Gotenberg 2021-03-09 5.0 MEDIUM 5.3 MEDIUM
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>.
CVE-2020-13452 1 Thecodingmachine 1 Gotenberg 2021-01-08 7.5 HIGH 9.8 CRITICAL
In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution.
CVE-2020-13451 1 Thecodingmachine 1 Gotenberg 2021-01-08 7.5 HIGH 9.8 CRITICAL
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.
CVE-2020-13450 1 Thecodingmachine 1 Gotenberg 2021-01-08 7.5 HIGH 9.8 CRITICAL
A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.
CVE-2020-13449 1 Thecodingmachine 1 Gotenberg 2021-01-08 5.0 MEDIUM 7.5 HIGH
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files.