Universal Office Converter
1 CVEs
product
Monthly
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
SSRF
Universal Office Converter
NVD
GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-17400
PyPI
EPSS 2%
CVSS 7.5
HIGH
POC
PATCH
This Week
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
SSRF
Universal Office Converter
NVD
GitHub