Advisories » MGASA-2022-0407

Updated wkhtmltopdf packages fix security vulnerability

Publication date: 04 Nov 2022
Modification date: 04 Nov 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2020-21365

Description

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows
remote attackers to read local files and disclose sensitive information
via a crafted html file running with the default configurations.
(CVE-2020-21365)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31023
• https://www.debian.org/lts/security/2022/dla-3158
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21365

SRPMS

8/core

• wkhtmltopdf-0.12.5-4.1.mga8