{"vulnerability": "CVE-2020-1345", "sightings": [{"uuid": "740adf0a-3b3d-46d8-8074-0ee9fc14097b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13452", "type": "seen", "source": "https://t.me/cibsecurity/21790", "content": "\u203c CVE-2020-13452 \u203c\n\nIn Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-08T00:40:52.000000Z"}, {"uuid": "5058896f-e34a-43bc-9703-1fe78147a1f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13450", "type": "seen", "source": "https://t.me/cibsecurity/21791", "content": "\u203c CVE-2020-13450 \u203c\n\nA directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-08T00:40:52.000000Z"}, {"uuid": "35f65056-e490-4ac9-a635-8611bee3cb3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13451", "type": "seen", "source": "https://t.me/cibsecurity/21797", "content": "\u203c CVE-2020-13451 \u203c\n\nAn incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-08T00:41:01.000000Z"}]}