Lucene search
K
ThecodingmachineGotenberg

4 matches found

CVE
CVE
added 2021/02/26 5:20 p.m.38 views

CVE-2021-23345

CVE-2021-23345 affects the Go package github.com/thecodingmachine/gotenberg (and related Chromium module) with a Server-Side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute references an internal file (e.g., ). Connected sources confirm this SSRF behavior and provide ...

5.3CVSS5.3AI score0.01053EPSS
Web
CVE
CVE
added 2026/05/14 3:31 p.m.25 views

CVE-2026-42593

CVE-2026-42593 affects Gotenberg: multiple routes (merge, split, LibreOffice convert, chromium convert variants) improperly accept stampSource=pdf/stampExpression and watermarkSource=pdf/watermarkExpression from anonymous callers. If stampExpression or watermarkExpression points to a file path th...

5.3CVSS5.8AI score0.00311EPSS
Web
CVE
CVE
added 2026/05/14 3:30 p.m.22 views

CVE-2026-42592

Gotenberg (v7/v8) contains a DNS rebinding/SSRF issue in the FilterOutboundURL flow. Before 8.32.0, FilterOutboundURL resolves hostnames, filters IPs against a private-address deny-list, but discards the resolved addresses. Chromium then performs its own DNS resolution when navigating to the URL,...

5.3CVSS5.8AI score0.00186EPSS
CVE
CVE
added 2026/05/14 3:34 p.m.16 views

CVE-2026-42597

Gotenberg’s Chromium URL routes (/forms/chromium/convert/url and /forms/chromium/screenshot/url) allow file:// access to /tmp for anonymous callers, enabling cross-request data exfiltration by enumerating work/request directories during overlapping conversions. This is caused by the HTML/Markdown...

5.9CVSS5.8AI score0.00251EPSS
Web