Server-side Request Forgery (SSRF) Affecting github.com/thecodingmachine/gotenberg package, versions <7.0.0
26 Feb 2021
19 Jan 2021
Elavon Payments (@etsms)
How to fix?
Upgrade github.com/thecodingmachine/gotenberg to version 7.0.0 or higher.
github.com/thecodingmachine/gotenberg is a Docker-powered stateless API for PDF files.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as
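An added example, not code from Gotenberg or from this advisory: a pre-conversion check that parses HTML bound for an HTML-to-PDF endpoint and flags every src attribute that uses a non-web scheme or points at a non-public address. The allowed-scheme policy, the function names and the sample markup are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy, not from the advisory

SAMPLE_HTML = (  # constructed sample; the path and hosts are placeholders
    '<img src="logo.png"><img src="https://cdn.example.com/banner.png">'
    '<iframe src="FILE:///constructed/placeholder.txt"></iframe>'
    '<img src="http://127.0.0.1:8080/status"><script src="//[::1]/app.js"></script>'
)

def src_problem(value):
    """Return why a src value must not be rendered, or None if acceptable."""
    # Browsers drop tab/newline inside URLs and treat backslashes as slashes.
    cleaned = "".join(c for c in value.strip() if c not in "\t\r\n").replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return "unparseable URL"
    if not parts.scheme and not parts.netloc:
        return None  # relative reference: a file uploaded with the request
    if parts.scheme and parts.scheme not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme!r} not allowed"
    host = (parts.hostname or "").rstrip(".")
    if not host or host == "localhost" or host.endswith(".localhost"):
        return "loopback or missing host"
    try:
        if not ipaddress.ip_address(host).is_global:
            return f"non-public address {host}"
    except ValueError:
        pass  # DNS name: what it resolves to is not checked here
    return None

class SrcAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, src, reason) for each rejected element

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            reason = src_problem(value) if name == "src" and value else None
            if reason:
                self.findings.append((tag, value, reason))

def audit_html(document):
    auditor = SrcAuditor()
    auditor.feed(document)
    auditor.close()
    return auditor.findings
```

This check only inspects literal src values: it does not resolve DNS names or follow redirects, so it complements the upgrade to 7.0.0 rather than replacing it.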