Multiple high-impact security vulnerabilities in GroupDocs Viewer control for .NET

We are currently using groupdocs-viewer-dotnet.2.10.1.

We have identified 3 vulnerabilities in this control.

Can you please let us know if this is known to you and if there are patches for these vulnerabilities in later versions?

  1. SSRF in multiple document types (htm, html, doc, docx, pdf, rtf)
     Links to any sources are called from the server side and therefore can bypass WAF and routing restrictions.

This can be used to access resources on the private network via GET requests, though the response will not be returned.
Any unsecured GET endpoints that perform an action on the private network will then be vulnerable to misuse.
The example provided is in HTML format; however, the same link can be embedded in most document types.
Example document:

<img src="http://private-endpoint.company.com.au/" />

  2. XSS requiring no interaction in HTML documents (htm, html)
     HTML documents are displayed without any XSS sanitization.
     Therefore, attack payloads can be used that will execute automatically.
     Example document:

test

  3. XSS requiring click in multiple document types (htm, html, doc, docx, pdf, rtf)
     Link contents are not sanitised for XSS, and therefore a BLOCKED SCRIPT link can be used in the contents.

Upon clicking the link, the JavaScript will be executed.

The example provided is in HTML format; however, the same link can be embedded in most document types.

Example document:

stored xss

@bkoffel,


Thanks for using GroupDocs.Viewer for .NET.

You are using quite an old version of the API, which is now obsolete. We have released the next generation GroupDocs.Viewer for .NET (starting from version 3.0.0), which is purely a back-end document rendering API; the front-end UI has been separated from it. It allows you to choose between HTML-based rendering and image-based rendering. You will have to create your own front-end application that will be used to display/view the rendered HTML pages or images. The possibility of creating your own front-end application will allow you to overcome the security vulnerabilities you have mentioned above.

We would recommend that you have a look at the documentation of the next generation GroupDocs.Viewer for .NET. We have also provided source code examples for you to evaluate all the features of the API. Furthermore, the sample applications mentioned below will give you an idea of how to create a document viewer application using the next generation API.

  • GroupDocs.Viewer-for-.NET-Modern-UI: https://github.com/groupdocs-viewer/GroupDocs.Viewer-for-.NET/tree/master/Showcases/GroupDocs.Viewer-for-.NET-Modern-UI
  • GroupDocs.Viewer-for-.NET-WebForm-Modern-UI: https://github.com/groupdocs-viewer/GroupDocs.Viewer-for-.NET/tree/master/Showcases/GroupDocs.Viewer-for-.NET-WebForm-Modern-UI

In case you find anything difficult, please feel free to write to us again.

Warm Regards
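The report above describes three defects in how rendered documents reach the browser (server-side fetching of embedded resources, unsanitised HTML, unsanitised link targets), and the reply says a self-built front end is where they get addressed. The following is an added example, written for this thread and not code from the report, from GroupDocs or from either sample application: an allowlist sanitiser that a front end would run over the back end's rendered HTML before serving it. It drops remote `src` values (so nothing is fetched on the viewer's behalf, server-side or client-side), strips `<script>`/`<iframe>`/`<object>` content and all `on*`/`style` attributes, and restricts `href` to http(s), mailto and relative URLs. The tag and attribute allowlists and the sample document are assumptions chosen for the example; the document mimics the shape of the report's three payloads, which the forum stripped from the original post.

```python
"""Allowlist sanitiser for viewer-rendered HTML (added example, not GroupDocs code).

Run over the HTML a rendering back end produces, before it is served to the browser:
  * remote src values are dropped, so neither the renderer nor the browser is made to
    fetch http://private-endpoint... on the viewer's behalf (the report's SSRF case);
  * <script>/<iframe>/<object> and every on*/style attribute are removed (no-click XSS);
  * href is limited to http(s), mailto and relative URLs, so a javascript: link
    cannot execute on click (click XSS).
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allowlists are assumptions for this example; widen them deliberately, never by default.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "a", "ul", "ol", "li", "h1",
                "h2", "h3", "table", "thead", "tbody", "tr", "td", "th", "div", "span", "img"}
ALLOWED_ATTRS = {"href", "src", "alt", "title", "colspan", "rowspan"}
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed", "noscript"}
VOID_TAGS = {"br", "img"}
SAFE_HREF_SCHEMES = {"http", "https", "mailto"}


def classify_url(value):
    """Return 'local', 'remote' or 'unsafe' for a URL attribute value.

    Allowlist by scheme: anything that is not http(s), mailto, protocol-relative or a
    relative path/fragment (javascript:, data:, vbscript:, file:, ...) is unsafe.
    urlsplit lowercases the scheme, so JaVaScRiPt: is caught as well.
    """
    parts = urlsplit(value.strip())
    if parts.scheme == "" and not parts.netloc:
        return "local"
    if parts.scheme in SAFE_HREF_SCHEMES or (parts.scheme == "" and parts.netloc):
        return "remote"
    return "unsafe"


class ViewerHtmlSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitised HTML fragments
        self.dropped = []    # audit trail of what was removed, for logging
        self.skip_depth = 0  # >0 while inside a tag whose content is discarded

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self.dropped.append(f"<{tag}> removed with its content")
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"<{tag}> removed, text kept")
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS:  # drops every on* handler and style
                self.dropped.append(f"{tag}@{name} removed")
                continue
            if name == "href" and classify_url(value) == "unsafe":
                self.dropped.append(f"{tag}@href={value!r} removed")
                continue
            if name == "src" and classify_url(value) != "local":
                # a remote src is exactly what made the report's <img> fetch
                # http://private-endpoint... from the server side
                self.dropped.append(f"{tag}@src={value!r} removed")
                continue
            kept.append((name, value))
        if tag == "img" and not any(n == "src" for n, _ in kept):
            self.dropped.append("<img> without a local src removed")
            return
        attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}{' /' if tag in VOID_TAGS else ''}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth -= 1
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:  # text is re-escaped, so entities cannot smuggle markup
            self.out.append(escape(data, quote=False))


def sanitize(html_text):
    """Return (sanitised_html, dropped_items)."""
    parser = ViewerHtmlSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.dropped


# Constructed sample mirroring the shapes of the report's three payloads; not a real document.
SAMPLE_DOC = (
    '<p onmouseover="alert(1)">Quarterly <b>report</b></p>'
    '<img src="http://private-endpoint.company.com.au/" alt="logo" />'
    '<script>alert(document.cookie)</script>'
    '<a href="javascript:alert(document.domain)">stored xss</a>'
    '<a href="https://example.com/terms">terms</a>'
    '<a href="#section-2">next</a>'
)

if __name__ == "__main__":
    clean, dropped = sanitize(SAMPLE_DOC)
    print(clean)
    for item in dropped:
        print("dropped:", item)
```

The `dropped` list is worth logging per document: a rendered file that sheds a `<script>` or a remote `src` is a useful detection signal in its own right. Serving the sanitised output with a restrictive Content-Security-Policy (no inline script, `img-src 'self'`) gives a second layer for anything the allowlist misses.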