DEBIAN-CVE-2022-35583

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-35583

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-35583.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-35583

Upstream

CVE-2022-35583

Published

2022-08-22T16:15:09Z

Modified

2025-09-18T05:19:16Z

Summary

[none]

Details

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.

References

https://security-tracker.debian.org/tracker/CVE-2022-35583

Affected packages

Debian:11 / wkhtmltopdf

Package

Name: wkhtmltopdf
Purl: pkg:deb/debian/wkhtmltopdf?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / wkhtmltopdf

Package

Name: wkhtmltopdf
Purl: pkg:deb/debian/wkhtmltopdf?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "unimportant"
}