Lucene search
+L
ThecodingmachineGotenberg

7 matches found

CVE
CVE
added 2021/01/07 9:16 p.m.72 views

CVE-2020-13452

Gotenberg <= 6.2.1 is affected by insecure permissions on tini (writable by the gotenberg user), enabling an attacker to overwrite files and potentially trigger denial of service or code execution. Vulnerability details are supported by multiple sources (e.g., Red Hat, CNVD, OSV, Veracode) and...

9.8CVSS9.5AI score0.02746EPSS
CVE
CVE
added 2021/01/07 9:16 p.m.70 views

CVE-2020-13451

CVE-2020-13451 affects Gotenberg up to version 6.2.1. The issue is described as an incomplete-cleanup vulnerability in the Office rendering engine, enabling an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. Connected documents corroborate the vulnerab...

9.8CVSS9.6AI score0.0302EPSS
CVE
CVE
added 2021/01/07 9:17 p.m.66 views

CVE-2020-13449

CVE-2020-13449 affects Gotenberg's Markdown engine up to version 6.2.1, enabling directory traversal to read arbitrary container files. Root cause: directory traversal in the Markdown renderer. Impact: potential exposure of container files. Exploitation status: the PacketStorm entry indicates a c...

7.5CVSS7.3AI score0.04936EPSS
CVE
CVE
added 2021/01/07 9:17 p.m.65 views

CVE-2020-13450

CVE-2020-13450 concerns Gotenberg, a Docker-powered stateless API for document conversion. The vulnerability is a directory traversal in the file upload function, affecting versions up to 6.2.1 (and earlier per sources). An attacker can upload and overwrite any writable files outside the intended...

9.8CVSS9.6AI score0.05591EPSS
CVE
CVE
added 2021/08/26 10:57 a.m.45 views

CVE-2020-14161

CVE-2020-14161 affects Gotenberg and is exploited as a Server-Side Request Forgery (SSRF) via the /convert/html endpoint. The root cause is insecure handling of the src in HTML elements, enabling an attacker to reference internal files (e.g., file:// URIs) through the chromium module used by the ...

6.1CVSS6.1AI score0.00902EPSS
CVE
CVE
added 2021/08/26 10:57 a.m.43 views

CVE-2020-14160

Gotenberg up to version 6.2.1 contains an SSRF in the remote URL to PDF conversion, allowing an attacker to read local files or access intranet resources. Affected component is the PDF conversion endpoint that processes remote URLs. The issue is evidenced across multiple sources (NVD description ...

7.5CVSS7.3AI score0.01695EPSS
CVE
CVE
added 2021/02/26 5:20 p.m.41 views

CVE-2021-23345

CVE-2021-23345 affects the Go package github.com/thecodingmachine/gotenberg (and related Chromium module) with a Server-Side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute references an internal file (e.g., ). Connected sources confirm this SSRF behavior and provide ...

5.3CVSS5.3AI score0.01053EPSS
Web