Lucene search
+L

4 matches found

Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42375

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes in github.com/gotenberg/gotenberg...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/07 1:15 a.m.13 views

Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme

Summary The /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can load their own request-local assets, and those routes apply a...

5.9CVSS5.9AI score0.00251EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/07 1:15 a.m.3 views

GHSA-G924-CJX7-2RJW Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme

Summary The /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can load their own request-local assets, and those routes apply a...

5.9CVSS5.9AI score0.00251EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38387

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.32.0 Description Anonymous callers can access the '/forms/chromium/convert/url' and '/forms/chromium/screenshot/url' endpoints using the url parameter with the file:///tmp/ scheme. While a deny-list exists to...

5.9CVSS5.9AI score0.00251EPSS
Exploits1References6
Rows per page
Query Builder