thecodingmachine gotenberg vulnerabilities and exploits
5
CVSSv2
CVE-2020-14160
An SSRF vulnerability in Gotenberg up to and including 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.
Thecodingmachine Gotenberg
4.3
CVSSv2
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg up to and including 6.2.1 via the /convert/html endpoint.
Thecodingmachine Gotenberg
5
CVSSv2
CVE-2021-23345
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>...
Thecodingmachine Gotenberg
7.5
CVSSv2
CVE-2020-13450
A directory traversal vulnerability in the file upload function of Gotenberg up to and including 6.2.1 allows a malicious user to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.
Thecodingmachine Gotenberg
1 Github repository
5
CVSSv2
CVE-2020-13449
A directory traversal vulnerability in the Markdown engine of Gotenberg up to and including 6.2.1 allows a malicious user to read any container files.
Thecodingmachine Gotenberg
1 Github repository
7.5
CVSSv2
CVE-2020-13451
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg up to and including 6.2.1 allows a malicious user to overwrite LibreOffice configuration files and execute arbitrary code via macros.
Thecodingmachine Gotenberg
1 Github repository
7.5
CVSSv2
CVE-2020-13452
In Gotenberg up to and including 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow a malicious user to overwrite the file, which can lead to denial of service or code execution.
Thecodingmachine Gotenberg
1 Github repository