Rendertron
Approved changes feed: RSS · Atom
cpe:2.3:a:google_llc:rendertron:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Google Llc (c72c74b5-1c39-5d47-98b8-8dacb6f7d99a) |
|---|---|
| Product | Rendertron (b348f83d-06a7-586c-b7ab-e2bf93dd80e0) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-8902 |
vulnerable | 2026-06-03 14:43:12.090215 |
SSRF in Rendertron
LOW (3.5)
Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain.
Published: 2021-02-23T12:00:16.000Z
Updated: 2024-08-04T10:12:11.061Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.