Gotenberg
by Gotenberg
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14160 | | | 0.00 | — | 0.02 | | Aug 26, 2021 | An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources. |
| CVE-2020-14161 | | | 0.00 | — | 0.01 | | Aug 26, 2021 | It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. |
| CVE-2021-23345 | | | 0.00 | — | 0.01 | | Feb 26, 2021 | All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as . |
| CVE-2020-13451 | | | 0.00 | — | 0.03 | | Jan 7, 2021 | An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. |
| CVE-2020-13452 | | | 0.00 | — | 0.03 | | Jan 7, 2021 | In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. |