Vulnerabilities > Thecodingmachine > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-07 | CVE-2020-13452 | Incorrect Default Permissions vulnerability in Thecodingmachine Gotenberg In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. | 9.8 |
| 2021-01-07 | CVE-2020-13451 | Incomplete Cleanup vulnerability in Thecodingmachine Gotenberg An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. | 9.8 |
| 2021-01-07 | CVE-2020-13450 | Path Traversal vulnerability in Thecodingmachine Gotenberg A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. | 9.8 |