RSS   Podatności dla 'Gotenberg'   RSS

2021-08-26
 
CVE-2020-14160

CWE-918
 

 
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.

 
2021-01-07
 
CVE-2020-13452

CWE-276
 

 
In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution.

 
 
CVE-2020-13451

CWE-459
 

 
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.

 
 
CVE-2020-13450

CWE-22
 

 
A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.

 
 
CVE-2020-13449

CWE-22
 

 
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files.

 


Copyright 2022, cxsecurity.com

 

Back to Top