Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-side Request Forgery (SSRF)
Vulnerability Description
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Julien Neuhart gotenberg 代码问题漏洞
Vulnerability Description
Julien Neuhart gotenberg是 Julien Neuhart开源的一个应用接口。用于将HTML,Markdown和Office文档转换为PDF。 gotenberg 存在安全漏洞,该漏洞源于容易受到通过/convert/html端点伪造服务器端请求(SSRF)的攻击。
CVSS Information
N/A
Vulnerability Type
N/A