CRITICAL🇵🇱 Wersja polska

CVE-2020-13452

CVSS 9.8v3.1pub. 2021-01-07upd. 2024-11-21

In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Thecodingmachine Gotenberg

    APP
    Thecodingmachine
    ≤ 6.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References

Related vulnerabilities

CVE-2026-42589CRITICAL9.8PL ✓ten sam produkt

Gotenberg: command injection w endpoincie zapisu metadanych PDF via ExifTool

CVE-2026-42596CRITICAL9.4PL ✓ten sam produkt

SSRF w Gotenberg — ominięcie deny-list przez IPv6-mapped adresy

CVE-2026-40281CRITICAL10.0PL ✓ten sam produkt

Gotenberg: injection w wartościach metadanych — zapis plików i symlinki

CVE-2020-13451CRITICAL9.8ten sam produkt

An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attack...

CVE-2020-13450CRITICAL9.8ten sam produkt

A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to u...