cve/2020/CVE-2020-13449.md

CVE-2020-13449

Description

A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files.

POC

Reference

• http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html
• http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/br0xpl/gotenberg_hack