CRITICAL🇵🇱 Wersja polska

CVE-2020-13450

CVSS 9.8v3.1pub. 2021-01-07upd. 2024-11-21

A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Thecodingmachine Gotenberg

    APP
    Thecodingmachine
    ≤ 6.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2026-42589CRITICAL9.8PL ✓ten sam produkt

Gotenberg: command injection w endpoincie zapisu metadanych PDF via ExifTool

CVE-2026-42596CRITICAL9.4PL ✓ten sam produkt

SSRF w Gotenberg — ominięcie deny-list przez IPv6-mapped adresy

CVE-2026-40281CRITICAL10.0PL ✓ten sam produkt

Gotenberg: injection w wartościach metadanych — zapis plików i symlinki

CVE-2020-13452CRITICAL9.8ten sam produkt

In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an at...

CVE-2020-13451CRITICAL9.8ten sam produkt

An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attack...