VYPR
High severity8.2OSV Advisory· Published Jul 19, 2024· Updated Jul 2, 2026

CVE-2024-21527

CVE-2024-21527

Description

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as . By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read on the host system. Workaround An alternative is using either or both --chromium-deny-list and --chromium-allow-list flags.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Gotenberg/GotenbergOSV2 versions
    1.0.0, 2.0.0, 3.0.0, …+ 1 more
    • (no CPE)range: 1.0.0, 2.0.0, 3.0.0, …
    • (no CPE)range: <8.1.0

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.