An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14160
Reference (s):
- https://github.com/gotenberg/gotenberg/issues/215
- https://github.com/gotenberg/gotenberg/pull/319
- https://github.com/thecodingmachine/gotenberg/releases