CVE-2024-21527 HIGH

CVE-2024-21527

Vendor N/A
Product github.com/gotenberg/gotenberg/v8/pkg/gotenberg
Weakness CWE-918 · SSRF
Published July 19, 2024
Last update September 5, 2024
View on NVD All CVEs

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P

What the vulnerability does

01Description

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as <iframe src="\\localhost/etc/passwd">. By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read on the host system. Workaround An alternative is using either or both --chromium-deny-list and --chromium-allow-list flags.

Key dates

02Disclosure timeline

July 19, 2024 CVE published
September 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-35172 WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability CVE-2024-25915 WordPress Pexels: Free Stock Photos Plugin <= 1.2.2 is vulnerable to Server Side Request Forgery (SSRF) CVE-2025-49877 WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability CVE-2024-31991 Mealie vulnerable to a GET-based SSRF in recipe importer (GHSL-2023-225) CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability