A directory traversal vulnerability in the Markdown engine of Gotenberg up to and including 6.2.1 allows a malicious user to read any file in the container.
PoC code for exploiting Gotenberg 2020 vulnerabilities
Refer to CVE-2020-13449, CVE-2020-13450, CVE-2020-13451, CVE-2020-13452:
sploit.tech/2020/12/29/Gotenberg.html
Write-up:
Instructions
Run Gotenberg version 6.2.0 or earlier:
$ docker run --rm -p 3000:3000 --name gotenberg thecodingmachine/gotenberg:6.2.0
Execute the exploit