Server-side Request Forgery (SSRF)

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the chromium/convert/url endpoint due to insufficient validation of redirect destinations agains...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the chromium/convert/url endpoint due to insufficient validation of redirect destinations against the deny-list. An attacker can access internal network resources and sensitive endpoints by supplying ...

Server-side Request Forgery (SSRF)

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the convertUrlRoute and screenshotUrlRoute processes. An attacker can access sensitive files...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...

Server-side Request Forgery (SSRF)

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadFrom and webhook processes. An attacker can access internal network resources and...

Server-side Request Forgery (SSRF)

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the FilterOutboundURL process. An attacker can access internal network resources and retrie...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extraHttpHeaders field in the /forms/chromium/screenshot/url endpoint, where user-supplied scope patterns are compiled without a proper timeout. An attacker can cause the...

Allocation of Resources Without Limits or Throttling

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extraHttpHeaders field in the /forms/chromium/screenshot/url endpoint,...

PT-2024-18941

Name of the Vulnerable Software and Affected Versions github.com/gotenberg/gotenberg/v8/pkg/gotenberg versions prior to 8.1.0 github.com/gotenberg/gotenberg/v8/pkg/modules/chromium versions prior to 8.1.0 github.com/gotenberg/gotenberg/v8/pkg/modules/webhook versions prior to 8.1.0 Description Th...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /convert/html endpoint when a request is made to a file via localhost, such as . By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read o...

Server-side Request Forgery (SSRF)

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /convert/html endpoint when the src attribute of an HTML element refers to an internal syst...