Ninjagpt

**Name of the Vulnerable Software and Affected Versions** birkir prime versions prior to 0.4.0.beta.0 **Description** The software contains a cross-site request forgery issue in its GraphQL endpoint. Attackers can exploit GET-based query requests to perform unauthorized actions against privileged users by manipulating GraphQL query parameters. The ''GraphQL endpoint'' is susceptible to malicious GET requests. **Recommendations** Update birkir prime to a version greater than 0.4.0.beta.0.

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 1.1.0 Description: Stirling-PDF is a locally hosted web application used for PDF file operations. Prior to version 1.1.0, the application is susceptible to Server-Side Request Forgery (SSRF) when converting HTML to PDF using the `/api/v1/convert/html/pdf` endpoint. This occurs because the security sanitizer used during HTML processing can be bypassed, allowing unauthorized requests to external resources. The backend utilizes a third-party tool for this conversion process. Recommendations: Upgrade to version 1.1.0 or later.

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 1.1.0 Description: Stirling-PDF is a locally hosted web application used for PDF file operations. The “convert file to pdf” functionality, accessible via the `/api/v1/convert/file/pdf` API endpoint, is susceptible to Server-Side Request Forgery (SSRF) during the file conversion process. This occurs because the application utilizes LibreOffice’s unoconvert tool for conversion. Recommendations: Upgrade to version 1.1.0 or later.

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 1.1.0 Description: Stirling-PDF is a locally hosted web application used for PDF file operations. Prior to version 1.1.0, the application is susceptible to Server-Side Request Forgery (SSRF) when utilizing the `/api/v1/convert/markdown/pdf` endpoint to convert Markdown to PDF. The backend's security sanitizer can be bypassed, leading to the SSRF condition. Recommendations: Upgrade to Stirling-PDF version 1.1.0 or later.