Count: 6
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-51591 A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf. | CVSS3: 3.7 | 0% Low | 5 months ago |
| CVE-2025-51591 A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. | CVSS3: 4.8 | 0% Low | 5 months ago |
| CVE-2025-51591 A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf. | CVSS3: 3.7 | 0% Low | 5 months ago |
| CVE-2025-51591 A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attac ... | CVSS3: 3.7 | 0% Low | 5 months ago |
| GHSA-mcv3-ch54-xqfh A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. | CVSS3: 6.5 | 0% Low | 5 months ago |
| BDU:2025-13963 A vulnerability in the Pandoc markup format conversion library for the Haskell programming language, related to server-side request forgery, that allows an attacker to disclose protected information | CVSS3: 6.5 | 0% Low | 3 months ago |