Vulmon
thecodingmachine gotenberg vulnerabilities and exploits
445
VMScore
CVE-2020-14160
An SSRF vulnerability in Gotenberg up to and including 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.
Thecodingmachine Gotenberg
383
VMScore
CVE-2020-14161
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg up to and including 6.2.1 via the /convert/html endpoint.
Thecodingmachine Gotenberg
445
VMScore
CVE-2021-23345
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>...
Thecodingmachine Gotenberg
445
VMScore
CVE-2020-13449
A directory traversal vulnerability in the Markdown engine of Gotenberg up to and including 6.2.1 allows a malicious user to read any container files.
Thecodingmachine Gotenberg
1 Github repository
668
VMScore
CVE-2020-13450
A directory traversal vulnerability in the file upload function of Gotenberg up to and including 6.2.1 allows a malicious user to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.
Thecodingmachine Gotenberg
1 Github repository
668
VMScore
CVE-2020-13451
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg up to and including 6.2.1 allows a malicious user to overwrite LibreOffice configuration files and execute arbitrary code via macros.
Thecodingmachine Gotenberg
1 Github repository
668
VMScore
CVE-2020-13452
In Gotenberg up to and including 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow a malicious user to overwrite the file, which can lead to denial of service or code execution.
Thecodingmachine Gotenberg
1 Github repository