CVE-2022-35583

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-35583

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35583.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-35583

Downstream

DEBIAN-CVE-2022-35583

UBUNTU-CVE-2022-35583

Published

2022-08-22T16:15:09Z

Modified

2025-10-15T14:01:56.942630Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.

References

Affected packages

Git / github.com/wkhtmltopdf/wkhtmltopdf

Affected ranges

Type: GIT
Repo: https://github.com/wkhtmltopdf/wkhtmltopdf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

6a57c1449797d6cb915921fb747f3ac36199241f

Affected versions

0.*

0.10.0_beta1

0.10.0_beta2

0.10.0_beta3

0.10.0_beta4

0.10.0_beta5

0.10.0_rc1

0.10.0_rc2

0.11.0_rc2

0.12.0

0.12.1

0.12.2

0.12.2.1

0.12.3

0.12.4

0.12.5

0.12.6

0.9.0_beta1

0.9.0_beta2

0.9.0_beta3

0.9.7

0.9.8

0.9.9