Skip to content

Commit 79dd85c

Browse files
1 parent 3f2c324 commit 79dd85c

5 files changed

Lines changed: 313 additions & 0 deletions

File tree

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2j5p-7p5m-cvqr",
4+
"modified": "2026-06-03T21:14:35Z",
5+
"published": "2026-06-03T21:14:35Z",
6+
"aliases": [
7+
"CVE-2026-44022"
8+
],
9+
"summary": "Docling: Potential Path Traversal via LaTeX \\includegraphics and \\input Commands",
10+
"details": "### Impact\nThe LaTeX backend's handling of `\\includegraphics`, `\\input`, and `\\include` commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences (e.g., `../../../etc/passwd`) to:\n- Read arbitrary files from the file system accessible to the process\n- Include sensitive files in the converted document output\n- Potentially access configuration files, credentials, or other sensitive data\n\n### Patches\nFixed in version 2.91.0. The fix implements strict path validation using `Path.resolve().is_relative_to()` to ensure all resolved paths remain within the base document directory. Attempts to traverse outside the base directory are logged and blocked.\n\n### Workarounds\nAvoid processing untrusted LaTeX documents. If processing is necessary, run in a sandboxed environment with restricted file system access.\n\n### References\n- Fix release: [v2.91.0](https://github.com/docling-project/docling/releases/tag/v2.91.0)",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "docling"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "2.73.0"
29+
},
30+
{
31+
"fixed": "2.91.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/docling-project/docling/security/advisories/GHSA-2j5p-7p5m-cvqr"
42+
},
43+
{
44+
"type": "PACKAGE",
45+
"url": "https://github.com/docling-project/docling"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/docling-project/docling/releases/tag/v2.91.0"
50+
}
51+
],
52+
"database_specific": {
53+
"cwe_ids": [
54+
"CWE-22"
55+
],
56+
"severity": "MODERATE",
57+
"github_reviewed": true,
58+
"github_reviewed_at": "2026-06-03T21:14:35Z",
59+
"nvd_published_at": null
60+
}
61+
}
Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,62 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j5xp-7m2f-49jv",
4+
"modified": "2026-06-03T21:15:31Z",
5+
"published": "2026-06-03T21:15:31Z",
6+
"aliases": [
7+
"CVE-2026-44019"
8+
],
9+
"summary": "Docling Core: Insufficient validation of image reference URIs",
10+
"details": "### Impact\nIn versions `>= 2.5.0, < 2.74.1`, `docling-core` could allow local `file://` image references and accepted inline `data:` content without a decoded-size limit.\n\nIn applications that accept untrusted image references, this may allow access to local files readable by the process or excessive memory use from large inline payloads.\n\n### Patches\nPatched in `docling-core` `2.74.1`.\nThe fix blocks local file URIs by default and adds a size limit for decoded inline image data.\n\nUsers should upgrade to:\n- `docling-core` `>= 2.74.1`\n\n### Workarounds\nIf upgrading is not immediately possible:\n- reject `file:` and `data:` image references from untrusted input\n- allow only approved local or remote image sources\n- apply input size and memory limits to processing workers\n\n### References\n- Fix release: [`v2.74.1`](https://github.com/docling-project/docling-core/releases/tag/v2.74.1)",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "docling-core"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "2.5.0"
29+
},
30+
{
31+
"fixed": "2.74.1"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/docling-project/docling-core/security/advisories/GHSA-j5xp-7m2f-49jv"
42+
},
43+
{
44+
"type": "PACKAGE",
45+
"url": "https://github.com/docling-project/docling-core"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/docling-project/docling-core/releases/tag/v2.74.1"
50+
}
51+
],
52+
"database_specific": {
53+
"cwe_ids": [
54+
"CWE-400",
55+
"CWE-73"
56+
],
57+
"severity": "HIGH",
58+
"github_reviewed": true,
59+
"github_reviewed_at": "2026-06-03T21:15:31Z",
60+
"nvd_published_at": null
61+
}
62+
}
Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-m88r-rg27-5xfg",
4+
"modified": "2026-06-03T21:14:15Z",
5+
"published": "2026-06-03T21:14:15Z",
6+
"aliases": [
7+
"CVE-2026-44020"
8+
],
9+
"summary": "Docling: Unsafe XML Entity Expansion in USPTO Patent Backend",
10+
"details": "### Impact\nThe USPTO patent XML parser used the standard `xml.sax.parseString()` without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could:\n- Read arbitrary files from the server filesystem\n- Perform Server-Side Request Forgery (SSRF) attacks\n- Cause denial of service through entity expansion (Billion Laughs attack)\n\nThe vulnerability affects three USPTO patent format parsers: ICE (v4.x), Grant v2.5, and Application v1.x.\n\n### Patches\nFixed in version 2.74.0. The parser now uses `defusedxml.sax.make_parser()` with secure configuration that blocks external entity resolution (`feature_external_ges=False`, `feature_external_pes=False`) while allowing DTD declarations required by USPTO files. This prevents XXE attacks while maintaining compatibility with the USPTO XML format.\n\n### Workarounds\nAvoid processing USPTO patent XML files from untrusted sources. Implement resource limits (memory, CPU time) when processing patent documents.\n\n### References\n- Fix release: [v2.74.0](https://github.com/docling-project/docling/releases/tag/v2.74.0)",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "docling"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "2.13.0"
29+
},
30+
{
31+
"fixed": "2.74.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/docling-project/docling/security/advisories/GHSA-m88r-rg27-5xfg"
42+
},
43+
{
44+
"type": "PACKAGE",
45+
"url": "https://github.com/docling-project/docling"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/docling-project/docling/releases/tag/v2.74.0"
50+
}
51+
],
52+
"database_specific": {
53+
"cwe_ids": [
54+
"CWE-776"
55+
],
56+
"severity": "HIGH",
57+
"github_reviewed": true,
58+
"github_reviewed_at": "2026-06-03T21:14:15Z",
59+
"nvd_published_at": null
60+
}
61+
}
Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-q29v-xc37-wh5m",
4+
"modified": "2026-06-03T21:15:02Z",
5+
"published": "2026-06-03T21:15:02Z",
6+
"aliases": [
7+
"CVE-2026-47214"
8+
],
9+
"summary": "Docling: Unsafe URI and Path Handling in HTML Backend",
10+
"details": "### Impact\nThe HTML backend did not perform sufficient validation during resource handling:\n- Accepted `file://` URIs enabling local file system access when `enable_local_fetch=True`\n- Path resolution allowed traversal outside intended directories via `../` sequences and absolute paths\n- Did not block internal network resources under `enable_remote_fetch=True`\n- HTTP redirects were not validated, potentially redirecting to unintended schemes\n- No resource limits for remote image downloads and `data:` URIs\n\n### Patches\nFixed in versions 2.91.0 (initial fixes) and 2.94.0 (additional improvements). The fixes implement:\n- Updated local path treatment: absolute files always blocked, relative paths require `enable_local_fetch=True` (default: False) and containment within configured `base_path` for path traversal protection\n- `file://` scheme stripped & treated as local path (above)\n- IP address validation to prevent SSRF\n- HTTP redirect validation, connection and read timeouts\n- Size limit for both remote images (with streaming download) and base64-decoded data URIs\n\n### Workarounds\nKeep both `enable_local_fetch=False` and `enable_remote_fetch=False` (defaults) when processing untrusted HTML documents.\n\n### References\n- Initial fixes: [v2.91.0](https://github.com/docling-project/docling/releases/tag/v2.91.0)\n- Additional improvements: [v2.94.0](https://github.com/docling-project/docling/releases/tag/v2.94.0)",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "docling"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "2.94.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/docling-project/docling/security/advisories/GHSA-q29v-xc37-wh5m"
42+
},
43+
{
44+
"type": "PACKAGE",
45+
"url": "https://github.com/docling-project/docling"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/docling-project/docling/releases/tag/v2.91.0"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/docling-project/docling/releases/tag/v2.94.0"
54+
}
55+
],
56+
"database_specific": {
57+
"cwe_ids": [
58+
"CWE-400",
59+
"CWE-73"
60+
],
61+
"severity": "HIGH",
62+
"github_reviewed": true,
63+
"github_reviewed_at": "2026-06-03T21:15:02Z",
64+
"nvd_published_at": null
65+
}
66+
}
Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,63 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-r3xg-rg9j-67fv",
4+
"modified": "2026-06-03T21:13:33Z",
5+
"published": "2026-06-03T21:13:32Z",
6+
"aliases": [
7+
"CVE-2026-44018"
8+
],
9+
"summary": "Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend",
10+
"details": "### Impact\nThe METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling:\n- XML External Entity (XXE) attacks to read local files or cause denial of service\n- Decompression bombs (zip bombs) to exhaust memory and disk space\n- Unbounded archive extraction consuming system resources\n\nAn attacker could craft malicious METS-GBS archives that, when processed, could read sensitive files, exhaust system resources, or cause application crashes.\n\n### Patches\nFixed in version 2.91.0. The fix implements:\n- Secure XML parsing with `resolve_entities=False`, `load_dtd=False`, and `no_network=True`\n- Configurable limits: 300 MB total extraction size, 10 MB per file, 1000 member count\n- Cumulative size tracking across all extractions\n- Early termination when limits are exceeded\n- Secure format detection of METS-GBS tar archives with `_detect_mets_gbs()` method: maximum file size (10 MB per file), maximum member count (1000 members), and exception handling to gracefully fail when limits are exceeded\n\n### Workarounds\nAvoid processing METS-GBS archives from untrusted sources. If necessary, pre-validate archives in an isolated environment with resource limits.\n\n### References\n- Fix release: [v2.91.0](https://github.com/docling-project/docling/releases/tag/v2.91.0)",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "docling"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "2.45.0"
29+
},
30+
{
31+
"fixed": "2.91.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/docling-project/docling/security/advisories/GHSA-r3xg-rg9j-67fv"
42+
},
43+
{
44+
"type": "PACKAGE",
45+
"url": "https://github.com/docling-project/docling"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/docling-project/docling/releases/tag/v2.91.0"
50+
}
51+
],
52+
"database_specific": {
53+
"cwe_ids": [
54+
"CWE-409",
55+
"CWE-611",
56+
"CWE-776"
57+
],
58+
"severity": "MODERATE",
59+
"github_reviewed": true,
60+
"github_reviewed_at": "2026-06-03T21:13:32Z",
61+
"nvd_published_at": null
62+
}
63+
}

0 commit comments

Comments
 (0)