Known Vulnerabilities for products from Thecodingmachine
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Thecodingmachine".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35458 json | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-su... | Not Provided | 2026-04-07 | 2026-04-14 |
| CVE-2026-27018 json | Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be by... | Not Provided | 2026-03-30 | 2026-04-08 |
| CVE-2021-23345 json | All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /c... | 5.3 - MEDIUM | 2021-02-26 | 2021-03-09 |
| CVE-2020-14161 json | It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/htm... | 6.1 - MEDIUM | 2021-08-26 | 2021-09-07 |
| CVE-2020-14160 json | An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attack... | 7.5 - HIGH | 2021-08-26 | 2021-09-01 |
| CVE-2020-13452 json | In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overw... | 9.8 - CRITICAL | 2021-01-07 | 2021-01-08 |
| CVE-2020-13451 json | An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite... | 9.8 - CRITICAL | 2021-01-07 | 2021-01-08 |
| CVE-2020-13450 json | A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overw... | 9.8 - CRITICAL | 2021-01-07 | 2021-01-08 |
| CVE-2020-13449 json | A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any containe... | 7.5 - HIGH | 2021-01-07 | 2021-01-08 |
Known software with vulnerabilities from Thecodingmachine
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Thecodingmachine | Gotenberg | 3.0.0 |