2 matches found
Server-side Request Forgery (SSRF)
Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the resolveremotefilename function, which processes headers from remote requests. An attacker can access sensitive fil...
PT-2026-46123
Name of the Vulnerable Software and Affected Versions docling-core versions 1.5.0 through 2.74.0 Description The software does not sufficiently restrict remote request destinations and can resolve a server-provided Content-Disposition to a local path in an unsafe manner. In applications that acce...