CNNVD-202508-971 Information
CNNVD ID
CNNVD-202508-971
Related CVE
- CNNVD Published: 2025-08-11
Description (Chinese)
Stirling-PDF是Stirling Tools开源的一个使用 Docker 的强大、本地托管的基于 Web 的 PDF 操作工具。 Stirling-PDF 1.1.0之前版本存在代码问题漏洞,该漏洞源于HTML转PDF功能中的清理器可被绕过,可能导致服务端请求伪造。
Description (English)
Stirling-PDF is a powerful, locally hosted Web-based PDF operating tool using Docker as an open source for Stirling Tools. There was a code problem loophole in the pre-Stirling-PDF 1.1.0 version, which resulted from the fact that the clean-up in the HTML-PDF function could be bypassed, which could lead to the forgery of service requests.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
Stirling Tools
Published
2025-08-11
Last Modified
2026-02-24
References
https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943 https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xw8v-9mfm-g2pm https://access.redhat.com/security/cve/cve-2025-55150
Patch
https://github.com/Stirling-Tools/Stirling-PDF/releases
Share on: