Stirling-PDF 漏洞列表

共找到 3 个与 Stirling-PDF 相关的漏洞

📅 加载漏洞趋势中...

Stirling-PDF 服务端请求伪造漏洞（CVE-2025-55150）无POC

日期: 2025-08-13 | 影响软件: Stirling-PDF

该漏洞为当使用/api/v1/convert/html/pdf端点将HTML转换为PDF时，后端会调用第三方工具进行处理，但其代码存在可以绕过的缺陷，从而导致服务端请求伪造漏洞。
CVE-2025-55161: Stirling-PDF SSRF via Markdown POC

日期: 2025-08-01 | 影响软件: Stirling-PDF

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF.
CVE-2025-55161: Stirling-PDF SSRF via Markdown POC

日期: 2025-08-01 | 影响软件: Stirling-PDF

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF.