PT-2024-25519 · Linqi · Linqi

Published 2024-05-14 · Updated 2025-04-28 · CVE-2024-33864

CVSS v3.1: 5.9 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1

Description: An issue in linqi allows for Server-Side Request Forgery (SSRF) via Document template generation. This can be achieved through remote images in process creation, file inclusion, and PDF document generation using malicious JavaScript.

Recommendations: For versions prior to 1.4.0.1, update to version 1.4.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of remote images in document template generation and disabling the execution of malicious JavaScript in PDF document generation until a patch is applied.

Fix

SSRF

Weakness Enumeration

Related Identifiers: CVE-2024-33864

Affected Products: Linqi