5 matches found
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...
CVE-2020-14161
CVE-2020-14161 affects Gotenberg and is exploited as a Server-Side Request Forgery (SSRF) via the /convert/html endpoint. The root cause is insecure handling of the src in HTML elements, enabling an attacker to reference internal files (e.g., file:// URIs) through the chromium module used by the ...