VYPR

Gotenberg

by Gotenberg

CVEs (25)

  • CVE-2020-14160 - Aug 26, 2021
    risk 0.00 | cvss | epss 0.02

    An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.

  • CVE-2020-14161 - Aug 26, 2021
    risk 0.00 | cvss | epss 0.01

    It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint.

  • CVE-2021-23345 - Feb 26, 2021
    risk 0.00 | cvss | epss 0.01

    All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as .

  • CVE-2020-13451 - Jan 7, 2021
    risk 0.00 | cvss | epss 0.03

    An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.

  • CVE-2020-13452 - Jan 7, 2021
    risk 0.00 | cvss | epss 0.03

    In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution.
