CVE-2022-35583

2022-08-2216:15:09

Google

osv.dev

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target’s system by injecting iframe tag with initial asset IP address on it’s source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.

CPENameOperatorVersion
wkhtmltopdfeq0.12.6-2
wkhtmltopdfeq0.12.6-1
wkhtmltopdfeq0.9.7
wkhtmltopdfeq0.12.5-1
wkhtmltopdfeq0.12.4
wkhtmltopdfeq0.10.0_rc2
wkhtmltopdfeq0.9.8
wkhtmltopdfeq0.10.0_beta1
wkhtmltopdfeq0.9.0_beta2
wkhtmltopdfeq0.10.0_beta3

Name	Operator	Version
wkhtmltopdf	eq	0.12.6-2
wkhtmltopdf	eq	0.12.6-1
wkhtmltopdf	eq	0.9.7
wkhtmltopdf	eq	0.12.5-1
wkhtmltopdf	eq	0.12.4
wkhtmltopdf	eq	0.10.0_rc2
wkhtmltopdf	eq	0.9.8
wkhtmltopdf	eq	0.10.0_beta1
wkhtmltopdf	eq	0.9.0_beta2
wkhtmltopdf	eq	0.10.0_beta3