First published: Thu Jul 20 2023
It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive information.
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/wkhtmltopdf on Ubuntu 20.04 | <0.12.5-1ubuntu0.1 | 0.12.5-1ubuntu0.1 |
ubuntu/wkhtmltopdf on Ubuntu 18.04 | <0.12.4-1ubuntu0.1~esm1 | 0.12.4-1ubuntu0.1~esm1 |
ubuntu/wkhtmltopdf on Ubuntu 16.04 | <0.12.2.4-1ubuntu0.1~esm1 | 0.12.2.4-1ubuntu0.1~esm1 |
ubuntu/wkhtmltopdf on Ubuntu 14.04 | <0.9.9-4ubuntu0.1~esm1 | 0.9.9-4ubuntu0.1~esm1 |
The vulnerability ID for this wkhtmltopdf vulnerability is USN-6232-1.
The affected software for this vulnerability is wkhtmltopdf on Ubuntu 14.04, 16.04, 18.04, and 20.04.
This vulnerability can allow an attacker to expose sensitive information if a specially crafted HTML file is processed by wkhtmltopdf.
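To fix this vulnerability, update wkhtmltopdf to the fixed version for your Ubuntu release or later: 0.12.5-1ubuntu0.1 on Ubuntu 20.04, 0.12.4-1ubuntu0.1~esm1 on Ubuntu 18.04, 0.12.2.4-1ubuntu0.1~esm1 on Ubuntu 16.04, or 0.9.9-4ubuntu0.1~esm1 on Ubuntu 14.04.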
You can find more information about this vulnerability at the following links:

1. [CVE-2020-21365](https://ubuntu.com/security/CVE-2020-21365)
2. [Ubuntu Security Notice](https://ubuntu.com/security/notices/USN-6232-1)