CVE-2022-35583: SSRF
First published: Mon Aug 22 2022(Updated: )
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wkhtmltopdf Wkhtmltopdf | =0.12.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-35583?
CVE-2022-35583 is a vulnerability in wkhtmlTOpdf 0.12.6 that allows an attacker to perform Server-Side Request Forgery (SSRF) and gain initial access to the target's system.
How severe is CVE-2022-35583?
CVE-2022-35583 has a severity rating of 9.8 (Critical).
How does CVE-2022-35583 affect wkhtmlTOpdf?
CVE-2022-35583 affects wkhtmlTOpdf version 0.12.6.
How can an attacker exploit CVE-2022-35583?
An attacker can exploit CVE-2022-35583 by injecting an iframe tag with an initial asset IP address as its source, allowing them to perform SSRF and gain access to the target's system.
Are there any references or additional resources about CVE-2022-35583?
You can find more information about CVE-2022-35583 in the following references: [PacketStormSecurity](http://packetstormsecurity.com/files/171446/wkhtmltopdf-0.12.6-Server-Side-Request-Forgery.html), [Cyber-Guy's Blog](https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-silently), [Google Drive](https://drive.google.com/file/d/1LAmf_6CJLk5qDp0an2s_gVQ0TN2wmht5/view?usp=sharing).
- collector/nvd-index
- vendor/wkhtmltopdf
- canonical/wkhtmltopdf wkhtmltopdf
- version/wkhtmltopdf wkhtmltopdf/0.12.6