Jump to:

CVE-2020-21365

Jump to:

CVE-2020-21365

Package wkhtmltopdf updated to version 0.12.6-alt1 for branch sisyphus in task 274734.

Published: 2022-08-15
Modified: 2024-11-21

CVE-2020-21365

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536
https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536
[debian-lts-announce] 20221024 [SECURITY] [DLA 3158-1] wkhtmltopdf security update
[debian-lts-announce] 20221024 [SECURITY] [DLA 3158-1] wkhtmltopdf security update

Version: 2.1.0

Package wkhtmltopdf update in sisyphus on 2021-06-18

ALT-PU-2021-2024-1

Closed vulnerabilities

CVE-2020-21365