9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.025 Low
EPSS
Percentile
90.2%
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get
initial access into the target’s system by injecting iframe tag with
initial asset IP address on it’s source. This allows the attacker to
takeover the whole infrastructure by accessing their internal assets.
Author | Note |
---|---|
ccdm94 | as of 2023-07-18, no fix for this vulnerability was made available by upstream. That is because this is not being considered a wkhtmltopdf issue, but instead an issue with applications using wktohtmlpdf without first sanitizing input that is user-supplied HTML/JS. In the related GitHub issue page it is possible to see that this issue is possibly being disputed. Commit 5426e55 was presented by maintainers as the commit that highlights the fact that they are aware of this behavior, and consider it to be expected. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | wkhtmltopdf | < any | UNKNOWN |
ubuntu | 20.04 | noarch | wkhtmltopdf | < any | UNKNOWN |
ubuntu | 22.04 | noarch | wkhtmltopdf | < any | UNKNOWN |
ubuntu | 23.10 | noarch | wkhtmltopdf | < any | UNKNOWN |
ubuntu | 24.04 | noarch | wkhtmltopdf | < any | UNKNOWN |
ubuntu | 14.04 | noarch | wkhtmltopdf | < any | UNKNOWN |
ubuntu | 16.04 | noarch | wkhtmltopdf | < any | UNKNOWN |