Vulnerabilities > CVE-2019-17400 - Server-Side Request Forgery (SSRF) vulnerability in Universal Office Converter Project Universal Office Converter

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2019-10-21

Updated: 2024-11-21

Summary

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.

Part	Description	Count
Application	Universal_Office_Converter_Project Universal Office Converter Project Universal Office Converter - Universal Office Converter Project Universal Office Converter 0.1 Universal Office Converter Project Universal Office Converter 0.2 Universal Office Converter Project Universal Office Converter 0.3 Universal Office Converter Project Universal Office Converter 0.4 Universal Office Converter Project Universal Office Converter 0.5 Universal Office Converter Project Universal Office Converter 0.6 Universal Office Converter Project Universal Office Converter 0.7 Universal Office Converter Project Universal Office Converter 0.8 Universal Office Converter Project Universal Office Converter 0.8.2	10