Unknown · Stirling-Pdf · CVE-2025-46568
**Name of the Vulnerable Software and Affected Versions**
Stirling-PDF versions prior to 0.45.0
**Description**
Stirling-PDF is a locally hosted web application that lets users perform various operations on PDF files. Its HTML-to-PDF conversion is vulnerable to an SSRF-induced arbitrary file read because WeasyPrint redefines a set of HTML tags, including `img`, `embed`, `object`, and others, so that the resources they reference are fetched while the document is rendered. An attacker can therefore read any file on the server, including sensitive files and configuration files, by attaching content from any web page or local file to the generated PDF. All users of this feature are affected.
**Recommendations**
For versions prior to 0.45.0, update to version 0.45.0 to resolve the issue. Until the update is applied, restrict access to the WeasyPrint feature as a temporary workaround, and restrict the use of the vulnerable HTML tags, such as `img`, `embed`, and `object`, to minimize the risk of exploitation.
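One way to enforce the tag restriction recommended above at the point where WeasyPrint actually fetches a referenced resource, as an added example that is not Stirling-PDF's or WeasyPrint's own code: a `url_fetcher` hook (a real `weasyprint.HTML` parameter) that refuses every scheme except HTTP(S) and every target that is not a public address, so `img`/`embed`/`object` references to `file://` paths or internal hosts fail during rendering instead of being read into the PDF. The `_resolve` helper, the `html_to_pdf` wiring and the constructed test URLs are assumptions.

```python
"""Restrictive URL fetcher for WeasyPrint HTML-to-PDF conversion (added example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

# file://, data: and other schemes are denied; add "data" if inline images are needed.
ALLOWED_SCHEMES = {"http", "https"}


class BlockedURL(Exception):
    """Raised for a resource reference the policy refuses to fetch."""


def _resolve(host):
    """Hypothetical helper: every address the host currently resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_url(url, resolve=_resolve):
    """Return url if it may be fetched, else raise BlockedURL.

    `resolve` is injectable so the policy can be exercised without DNS.
    Note: the real fetcher resolves the name again, so a deployment that
    must resist DNS rebinding also needs egress filtering or address pinning.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise BlockedURL(f"scheme not allowed: {url}")
    host = parts.hostname
    if not host:
        raise BlockedURL(f"no host in URL: {url}")
    try:
        addrs = {str(ipaddress.ip_address(host))}   # IP literal (brackets stripped)
    except ValueError:
        addrs = resolve(host)                        # hostname: check what it maps to
    for addr in addrs:
        if not ipaddress.ip_address(addr).is_global:  # loopback, private, link-local...
            raise BlockedURL(f"{url} resolves to non-public address {addr}")
    return url


def is_allowed(url, resolve=_resolve):
    """Boolean form of check_url, convenient for logging and tests."""
    try:
        check_url(url, resolve)
        return True
    except BlockedURL:
        return False


def restricted_fetcher(url, *args, **kwargs):
    """Drop-in replacement for weasyprint.default_url_fetcher (assumed wiring)."""
    from weasyprint import default_url_fetcher  # imported lazily; policy runs without it
    return default_url_fetcher(check_url(url), *args, **kwargs)


def html_to_pdf(html_source):
    """Render untrusted HTML with the restricted fetcher (assumed wiring)."""
    from weasyprint import HTML
    return HTML(string=html_source, url_fetcher=restricted_fetcher).write_pdf()
```

Blocked fetches raise inside WeasyPrint, which logs the failed resource and continues rendering without it; the audit log of `BlockedURL` messages is a useful detection signal for probing attempts.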