CNNVD-202508-977 Information
CNNVD ID
CNNVD-202508-977
Related CVE
-
CNNVD Published: 2025-08-11
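Description (translated from Chinese)
Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool that uses Docker, open-sourced by Stirling Tools. Versions of Stirling-PDF before 1.1.0 contain a code issue vulnerability. It stems from the sanitizer in the Markdown-to-PDF feature, which can be bypassed and may lead to server-side request forgery.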
Description (English)
Stirling-PDF is an open-source, locally hosted, web-based PDF manipulation tool from Stirling Tools that runs in Docker. Stirling-PDF versions before 1.1.0 have a code issue: the sanitizer in the Markdown-to-PDF function can be bypassed, which can lead to server-side request forgery (SSRF).
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Stirling Tools
Published
2025-08-11
Last Modified
2026-02-24
References
https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943
https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-ff33-grr6-rmvp
https://access.redhat.com/security/cve/cve-2025-55161
Patch
https://github.com/Stirling-Tools/Stirling-PDF/releases