thecodingmachine gotenberg vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-13450
A directory traversal vulnerability in the file upload function of Gotenberg up to and including 6.2.1 allows a malicious user to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.
Thecodingmachine Gotenberg
1 Github repository
9.8
CVSSv3
CVE-2020-13451
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg up to and including 6.2.1 allows a malicious user to overwrite LibreOffice configuration files and execute arbitrary code via macros.
Thecodingmachine Gotenberg
1 Github repository
9.8
CVSSv3
CVE-2020-13452
In Gotenberg up to and including 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow a malicious user to overwrite the file, which can lead to denial of service or code execution.
Thecodingmachine Gotenberg
1 Github repository
7.5
CVSSv3
CVE-2020-14160
An SSRF vulnerability in Gotenberg up to and including 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.
Thecodingmachine Gotenberg
7.5
CVSSv3
CVE-2020-13449
A directory traversal vulnerability in the Markdown engine of Gotenberg up to and including 6.2.1 allows a malicious user to read any container files.
Thecodingmachine Gotenberg
1 Github repository
6.1
CVSSv3
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg up to and including 6.2.1 via the /convert/html endpoint.
Thecodingmachine Gotenberg
5.3
CVSSv3
CVE-2021-23345
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>...
Thecodingmachine Gotenberg