Coding Machine · Gotenberg · CVE-2021-23345
**Name of the Vulnerable Software and Affected Versions**
github.com/thecodingmachine/gotenberg (affected versions not specified)
**Description**
The "/convert/html" endpoint renders caller-supplied HTML with a headless browser and returns the result as a PDF. Because the renderer resolves every resource reference in that HTML, a caller can point it at resources the service itself can reach but the caller should not: the reported trigger is the `src` attribute of an element such as an `iframe` referring to a local file, for example `<iframe src='file:///etc/passwd'>`, whose contents are then rendered into the generated PDF. The same mechanism reaches internal network hosts over `http://`, which is why the issue is classified as Server-side Request Forgery (SSRF).
**Recommendations**
As a temporary workaround, disable or block access to the "/convert/html" endpoint until a patch is available, or expose it only to trusted callers.
Limit what a successful fetch can reach: run the converter as an unprivileged user in an isolated container with a minimal filesystem and no network route to internal hosts, so that a `file://` or internal `http://` reference in a submitted document yields as little as possible.
Do not rely on callers avoiding `src` attributes that refer to local files, since the submitted HTML is attacker-controlled. Instead, reject or rewrite documents whose resource references (`src`, `href`, `srcset`, CSS `url()`, meta refresh) use a scheme other than http(s) or point at local or internal hosts, before they reach the endpoint.
At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
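One way to implement the pre-conversion check described above, as an added example that is not part of the advisory or of Gotenberg's own code: a filter, run in front of the endpoint, that walks the submitted HTML with the standard-library `HTMLParser` and reports every resource reference that is not a plain http(s) URL to a public host. The sample documents are constructed for this example. It assumes the converter loads the submitted document from a `file://` base, so scheme-less relative references are treated as filesystem paths and rejected; it does not resolve hostnames (it runs offline), so DNS-based bypasses are out of scope and network isolation of the converter remains necessary.

```python
"""Pre-conversion filter for HTML submitted to a Gotenberg-style /convert/html endpoint.

Added example, not Gotenberg's code. Rejects resource references that would make
the renderer read local files (file://...) or reach local/internal hosts.
"""
import ipaddress
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple

# Attributes that make the renderer fetch something.
URL_ATTRS = {"src", "href", "data", "poster", "action", "formaction", "background"}
ALLOWED_SCHEMES = {"http", "https"}
LOCAL_HOSTNAMES = {"localhost", "localhost.localdomain", "0.0.0.0"}
CSS_URL_RE = re.compile(r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)", re.IGNORECASE)
META_REFRESH_RE = re.compile(r"url\s*=\s*['\"]?([^'\"\s;]+)", re.IGNORECASE)
# Dotted/hex/decimal numeric hosts (e.g. 0177.0.0.1, 0x7f.1) that browsers may
# interpret as IPv4 literals even when ipaddress refuses to parse them.
NUMERIC_HOST_RE = re.compile(r"(0[xX][0-9a-fA-F]+|\d+)(\.(0[xX][0-9a-fA-F]+|\d+))*")

Finding = Tuple[str, str, str, str]  # (tag, attribute, url, reason)


def classify_url(url: str) -> Optional[str]:
    """Return a reason string if `url` must not be fetched by the renderer, else None."""
    url = url.strip()
    if not url:
        return None
    parts = __import__("urllib.parse").parse.urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme and scheme not in ALLOWED_SCHEMES:
        return f"scheme {scheme!r} not allowed"
    if not scheme and not url.startswith("//"):
        # Assumption: the document is rendered from a file:// base, so a relative
        # reference is a filesystem path.
        return "relative reference resolves against the document base"
    host = parts.hostname
    if not host:
        return "no host"
    if host.lower() in LOCAL_HOSTNAMES or host.lower().endswith(".localhost"):
        return f"local hostname {host!r}"
    try:
        # A bare decimal host such as 2130706433 is 127.0.0.1 to a browser.
        addr = ipaddress.ip_address(int(host)) if host.isdigit() else ipaddress.ip_address(host)
    except ValueError:
        if NUMERIC_HOST_RE.fullmatch(host):
            return f"ambiguous numeric host {host!r}"
        return None  # ordinary hostname; not resolved here
    if not addr.is_global:
        return f"non-public address {host!r}"
    return None


class RefScanner(HTMLParser):
    """Collects unsafe resource references from attributes, srcset, inline CSS and meta refresh."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Finding] = []
        self._in_style = False

    def _check(self, tag: str, attr: str, url: str) -> None:
        reason = classify_url(url)
        if reason:
            self.findings.append((tag, attr, url.strip(), reason))

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            if value is None:
                continue
            if name in URL_ATTRS:
                self._check(tag, name, value)
            elif name == "srcset":
                for candidate in value.split(","):
                    fields = candidate.split()
                    if fields:
                        self._check(tag, name, fields[0])
            elif name == "style":
                for url in CSS_URL_RE.findall(value):
                    self._check(tag, "style url()", url)
            elif tag == "meta" and name == "content":
                match = META_REFRESH_RE.search(value)
                if match:
                    self._check(tag, "refresh", match.group(1))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # <style> blocks arrive here as raw text
            for url in CSS_URL_RE.findall(data):
                self._check("style", "url()", url)


def scan_html(document: str) -> List[Finding]:
    scanner = RefScanner()
    scanner.feed(document)
    scanner.close()
    return scanner.findings


def is_safe_to_convert(document: str) -> bool:
    return not scan_html(document)


# Constructed sample submissions (not taken from any real incident).
MALICIOUS_SAMPLE = """<html><body>
<h1>Invoice</h1>
<iframe src='file:///etc/passwd'></iframe>
<img src="http://169.254.169.254/latest/meta-data/">
<link rel="stylesheet" href="//localhost:8080/admin.css">
<div style="background: url('http://10.0.0.5/internal.png')"></div>
<style>body { background-image: url(file:///proc/self/environ); }</style>
<meta http-equiv="refresh" content="0; url=http://[::1]:6379/">
<img srcset="logo.png 1x, http://2130706433/x.png 2x">
</body></html>"""

BENIGN_SAMPLE = """<html><body><h1>Invoice</h1>
<img src="https://cdn.example.com/logo.png">
<link rel="stylesheet" href="https://cdn.example.com/print.css">
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(MALICIOUS_SAMPLE):
        print(finding)
    print("benign sample safe:", is_safe_to_convert(BENIGN_SAMPLE))
```

Deploy this as a reject-on-any-finding gate; rewriting the document (stripping the offending attribute) is an option but loses the signal that someone is probing the converter. The filter covers the reference kinds a browser follows from markup; it is a second line of defence, not a substitute for running the converter without access to the host filesystem or internal network.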