Bug Bounty

All about electronic devices security
https://mail.bugbounty.com.au/

Server-Side Request Forgery (SSRF) in Stirling-PDF Allows Arbitrary File Access on Host

https://mail.bugbounty.com.au/viewtopic.php?t=7590

Page 1 of 1

Server-Side Request Forgery (SSRF) in Stirling-PDF Allows Arbitrary File Access on Host

Posted: Tue Aug 12, 2025 5:10 am
by Shane1145
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.

https://github.com/Stirling-Tools/Stirl ... -9mfm-g2pm
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited