2 matches found
CVE-2025-55151
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality /api/v1/convert/file/pdf uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process...
CVE-2025-55150
Stirling-PDF prior to version 1.1.0 is affected by an SSRF vulnerability in the HTML-to-PDF conversion path. Specifically, the /api/v1/convert/html/pdf endpoint uses a sanitizer during HTML processing that can be bypassed, allowing the backend to trigger requests to external resources via a third...