7.1 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
Docling: Unsafe URI and Path Handling in HTML Backend
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0.
References
-
https://github.com/docling-project/docling/releases/tag/v2.94.0 x_refsource_MISC
Affected products
- ==< 2.94.0
Matching in nixpkgs
pkgs.python312Packages.docling-core
None
pkgs.python313Packages.docling-core
Python library to define and validate data types in Docling
pkgs.python314Packages.docling-core
Python library to define and validate data types in Docling
pkgs.python312Packages.docling-ibm-models
None
pkgs.python313Packages.docling-ibm-models
Docling IBM models
pkgs.python314Packages.docling-ibm-models
Docling IBM models
pkgs.pkgsRocm.python3Packages.docling-core
Python library to define and validate data types in Docling
pkgs.pkgsRocm.python3Packages.docling-ibm-models
Docling IBM models
pkgs.python313Packages.llama-index-node-parser-docling
Llama-index node_parser docling integration
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>