CVE-2020-21365

HIGH

Wkhtmltopdf < 0.12.5 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.

Exploits (3)

nomisec NO CODE

by andrei2308 · poc

https://github.com/andrei2308/CVE-2020-21365-PoC

View Code ZIP pw:eip

nomisec STUB

by andrei2308 · poc

https://github.com/andrei2308/CVE-2020-21365

View Code ZIP pw:eip

nomisec NO CODE

by samaellovecraft · poc

https://github.com/samaellovecraft/CVE-2020-21365

View Code ZIP pw:eip

References (2)

Core 2

Core References

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2022/10/msg00027.html

Exploit, Issue Tracking, Third Party Advisory

https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536

Scores

CVSS v3 7.5

EPSS 0.0046

EPSS Percentile 64.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

debian/debian_linux 10.0

wkhtmltopdf/wkhtmltopdf < 0.12.5

Published Aug 15, 2022

Tracked Since Feb 18, 2026