thecodingmachine gotenberg vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-13450
A directory traversal vulnerability in the file upload function of Gotenberg up to and including 6.2.1 allows a malicious user to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.
Thecodingmachine Gotenberg
1 Github repository
9.8
CVSSv3
CVE-2020-13451
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg up to and including 6.2.1 allows a malicious user to overwrite LibreOffice configuration files and execute arbitrary code via macros.
Thecodingmachine Gotenberg
1 Github repository
5.3
CVSSv3
CVE-2021-23345
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>...
Thecodingmachine Gotenberg
7.5
CVSSv3
CVE-2020-13449
A directory traversal vulnerability in the Markdown engine of Gotenberg up to and including 6.2.1 allows a malicious user to read any container files.
Thecodingmachine Gotenberg
1 Github repository
9.8
CVSSv3
CVE-2020-13452
In Gotenberg up to and including 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow a malicious user to overwrite the file, which can lead to denial of service or code execution.
Thecodingmachine Gotenberg
1 Github repository
7.5
CVSSv3
CVE-2020-14160
An SSRF vulnerability in Gotenberg up to and including 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.
Thecodingmachine Gotenberg
6.1
CVSSv3
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg up to and including 6.2.1 via the /convert/html endpoint.
Thecodingmachine Gotenberg