CVE-2020-21365 — Path Traversal in Wkhtmltopdf

CWE-22 — Path Traversal5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 36.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wkhtmltopdf Debian Wkhtmltopdf Debian Linux

Timeline

PublishedAug 15

Latest updateJul 20

Description

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wkhtmltopdf< wkhtmltopdf 0.12.6-1 (bookworm)

▶Debianwkhtmltopdf/wkhtmltopdf< 0.12.6-1+1

▶NVDwkhtmltopdf/wkhtmltopdf0.12.5

Also affects: Debian Linux 10.0

🔴Vulnerability Details

GHSA

GHSA-36cg-hvm7-mhwp: Directory traversal vulnerability in wkhtmltopdf through 0↗2022-08-16

▶

OSV

CVE-2020-21365: Directory traversal vulnerability in wkhtmltopdf through 0↗2022-08-15

▶

📋Vendor Advisories

Ubuntu

wkhtmltopdf vulnerability↗2023-07-20

▶

Debian

CVE-2020-21365: wkhtmltopdf - Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote at...↗2020

▶