[Git][security-tracker-team/security-tracker][master] flag wkhtmltopdf CVE-2022-35583 unimportant

Helmut Grohne (@helmutg) helmutg at debian.org
Wed Aug 31 12:44:08 BST 2022



Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b46b41cc by Helmut Grohne at 2022-08-31T13:43:11+02:00
flag wkhtmltopdf CVE-2022-35583 unimportant

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9126,9 +9126,10 @@ CVE-2022-35585 (A stored cross-site scripting (XSS) issue in the ForkCMS version
 CVE-2022-35584
 	RESERVED
 CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to g ...)
-	- wkhtmltopdf <unfixed>
+	- wkhtmltopdf <unfixed> (unimportant)
 	NOTE: https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-silently
 	NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/issues/5249
+	NOTE: By design, wkhtmltopdf retrieves external resources. If it is employed inside a protected network in an automated way, a malicious actor may access internal resources. A user of wkhtmltopdf should restrict such access.
 CVE-2022-35582
 	RESERVED
 CVE-2022-35581
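Review bot: The rationale for the "(unimportant)" tag is carried entirely by the new NOTE, but it sits after the two URL NOTEs, so a reader scanning the entry sees the blog post and upstream issue before the reasoning; consider moving the explanatory NOTE directly under the package line, or folding a reference to the already-linked issue 5249 into it, so the severity decision is visible without following the links. The closing sentence "A user of wkhtmltopdf should restrict such access" would also be more useful if it said what is meant in practice (for example, not running the tool with network reach into internal hosts when it processes untrusted input), since this entry is where LTS triage and users look for guidance.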


=====================================
data/dla-needed.txt
=====================================
@@ -87,10 +87,6 @@ upx-ucl (Thorsten Alteholz)
   NOTE: 20220820: Programming language: C.
   NOTE: 20220820: CVE-2020-27787 may be not-affected. (Chris Lamb)
 --
-wkhtmltopdf
-  NOTE: 20220819: Programming language: C++.
-  NOTE: 20220830: No progress yet, upstream
---
 zlib (Emilio)
   NOTE: 20220813: Programming language: C.
   NOTE: 20220813: VCS: https://salsa.debian.org/lts-team/packages/zlib/
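Review bot: Dropping the whole wkhtmltopdf block from dla-needed.txt, including its trailing "--" separator, keeps the file's entry/separator structure consistent, but the commit message only says "flag wkhtmltopdf CVE-2022-35583 unimportant" and does not mention that the package is being removed from the DLA work queue; a second line in the commit message stating that removal and why (no non-unimportant issues remain) would make the history easier to audit. Note that the removed "20220830: No progress yet, upstream" NOTE was cut off mid-sentence, so nothing of substance is lost by deleting it.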



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b46b41ccb8af865460ef2c1923833d64edd48fe1


