Lucene search

Gentoo FoundationMGASA-2022-0407

HistoryNov 05, 2022 - 12:16 a.m.

Updated wkhtmltopdf packages fix security vulnerability

2022-11-0500:16:03

Gentoo Foundation

advisories.mageia.org

wkhtmltopdf

security vulnerability

directory traversal

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.005

Percentile

76.5%

JSON

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. (CVE-2020-21365)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchwkhtmltopdf< 0.12.5-4.1wkhtmltopdf-0.12.5-4.1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	wkhtmltopdf	< 0.12.5-4.1	wkhtmltopdf-0.12.5-4.1.mga8

References

bugs.mageia.org/show_bug.cgi?id=31023

www.debian.org/lts/security/2022/dla-3158

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.005

Percentile

76.5%

JSON

Related for MGASA-2022-0407