Product
Gotenberg's Chromium URL-to-PDF conversion endpoint is vulnerable to SSRF due to a lack of default protection against HTTP/HTTPS-based requests, allowing attackers to target internal IPs and cloud metadata endpoints, which can be bypassed via HTTP redirects.