PT-2024-18941 · Gotenberg · Gotenberg
Filip Ochnik
·
Published
2024-07-19
·
Updated
2026-03-31
·
CVE-2024-21527
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
github.com/gotenberg/gotenberg/v8/pkg/gotenberg versions prior to 8.1.0
github.com/gotenberg/gotenberg/v8/pkg/modules/chromium versions prior to 8.1.0
github.com/gotenberg/gotenberg/v8/pkg/modules/webhook versions prior to 8.1.0
Description
The issue allows for Server-side Request Forgery (SSRF) via the "/convert/html" endpoint. An attacker can exploit this by making a request to a file via localhost, such as using an iframe to access sensitive files like "/etc/passwd". This can lead to local file inclusion, enabling the reading of sensitive files on the host system.
Recommendations
For github.com/gotenberg/gotenberg/v8/pkg/gotenberg versions prior to 8.1.0, consider using the --chromium-deny-list and --chromium-allow-list flags as a workaround.
For github.com/gotenberg/gotenberg/v8/pkg/modules/chromium versions prior to 8.1.0, consider using the --chromium-deny-list and --chromium-allow-list flags as a workaround.
For github.com/gotenberg/gotenberg/v8/pkg/modules/webhook versions prior to 8.1.0, consider using the --chromium-deny-list and --chromium-allow-list flags as a workaround.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gotenberg