Thecodingmachine - Gotenberg CVE

Filtered by vendor Thecodingmachine Subscribe

Filtered by product Gotenberg

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-14161	1 Thecodingmachine	1 Gotenberg	2021-09-07	4.3 MEDIUM	6.1 MEDIUM
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint.
CVE-2021-23345	1 Thecodingmachine	1 Gotenberg	2021-03-09	5.0 MEDIUM	5.3 MEDIUM
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>.

Vulnerabilities (CVE)