Security Advisory

CVE-2021-23345

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-26 17:20:17

Last updated 2024-09-16 17:17:42

Assigner snyk

State PUBLISHED

Description

All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src=file:///etc/passwd>.

← Browse all CVEs View on cve.org ↗