PT-2020-16903 · Wkhtmltopdf+1 · Wkhtml2Pdf+1

Naveen Sunkavally

Published

2020-10-30

Updated

2021-07-21

CVE-2020-28031

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions eramba versions through c2.8.1

Description The issue allows HTTP Host header injection, which can result in wkhtml2pdf PDF printing by authenticated users.

Recommendations For versions through c2.8.1, consider restricting access to authenticated users to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of wkhtml2pdf for PDF printing until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-20

Related Identifiers

CVE-2020-28031

Affected Products

Eramba

Wkhtml2Pdf

PT-2020-16903 · Wkhtmltopdf+1 · Wkhtml2Pdf+1

CVE-2020-28031

Weakness Enumeration

Related Identifiers

Affected Products

References · 5