Filip Ochnik

**Name of the Vulnerable Software and Affected Versions** github.com/gotenberg/gotenberg/v8/pkg/gotenberg versions prior to 8.1.0 github.com/gotenberg/gotenberg/v8/pkg/modules/chromium versions prior to 8.1.0 github.com/gotenberg/gotenberg/v8/pkg/modules/webhook versions prior to 8.1.0 **Description** The issue allows for Server-side Request Forgery (SSRF) via the "/convert/html" endpoint. An attacker can exploit this by making a request to a file via localhost, such as using an iframe to access sensitive files like "/etc/passwd". This can lead to local file inclusion, enabling the reading of sensitive files on the host system. **Recommendations** For github.com/gotenberg/gotenberg/v8/pkg/gotenberg versions prior to 8.1.0, consider using the --chromium-deny-list and --chromium-allow-list flags as a workaround. For github.com/gotenberg/gotenberg/v8/pkg/modules/chromium versions prior to 8.1.0, consider using the --chromium-deny-list and --chromium-allow-list flags as a workaround. For github.com/gotenberg/gotenberg/v8/pkg/modules/webhook versions prior to 8.1.0, consider using the --chromium-deny-list and --chromium-allow-list flags as a workaround.