{"id":"CVE-2020-21365","details":"Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.","modified":"2026-04-09T06:59:47.055796Z","published":"2022-08-15T20:15:08.107Z","related":["MGASA-2022-0407"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00027.html"},{"type":"REPORT","url":"https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wkhtmltopdf/wkhtmltopdf","events":[{"introduced":"0"},{"last_affected":"a8ba57e1260a0430e0e9e53da05211beef4cbbc3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.12.5"}]}}],"versions":["0.10.0_beta2","0.10.0_beta4","0.10.0_rc1","0.10.0_rc2","0.11.0_rc2","0.12.0","0.12.1","0.12.2","0.12.2.1","0.12.3","0.12.4","0.12.5","0.9.0_beta1","0.9.0_beta2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-21365.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}