wkhtmltopdf Archived With Critical Unpatched Flaw: .NET Developers Urged to Migrate
The wkhtmltopdf project was frozen in January 2023 and fully archived by mid-2024, meaning no further security patches will ever be released. A critical unpatched vulnerability, CVE-2022-35583, carries a CVSS score of 9.8 and allows attackers to reach internal networks via server-side request forgery through user-supplied HTML. .NET applications still using wrappers such as DinkToPdf, NReco.PdfGenerator, or Rotativa are directly exposed to this risk in production. Developers deploying on Windows can migrate to alternative .NET PDF libraries via NuGet, while Linux deployments require either a hosted REST API solution or a headless-browser approach such as Playwright or PuppeteerSharp. Experts recommend moving away from the deprecated binary immediately rather than treating it as a future cleanup task.
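To find which projects in a source tree still reference the wrappers named above, the following added example (not from the original article or any of the named projects) scans `.csproj` and `packages.config` files for them. The function names, the prefix-matching rule and the sample files with their placeholder versions are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Wrapper package IDs named in the article, matched case-insensitively as a
# prefix (assumption) so variants such as "Rotativa.AspNetCore" are reported too.
WRAPPER_PREFIXES = ("dinktopdf", "nreco.pdfgenerator", "rotativa")

# Constructed sample inputs; the versions are placeholders, not real releases.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="DinkToPdf" Version="0.0.0-sample" />
  <PackageReference Include="Newtonsoft.Json" Version="0.0.0-sample" />
</ItemGroup></Project>"""
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="Rotativa" version="0.0.0-sample" />
</packages>"""

def local(tag):
    """Strip an XML namespace: legacy .csproj files use the MSBuild namespace."""
    return tag.rsplit("}", 1)[-1]

def wrapper_refs(xml_text):
    """Return sorted (package_id, version) pairs for wkhtmltopdf wrappers."""
    found = set()
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "PackageReference":      # SDK-style or migrated .csproj
            pkg, ver = el.get("Include") or el.get("Update"), el.get("Version")
            if ver is None:                 # version may be a child element
                ver = next((c.text for c in el if local(c.tag) == "Version"), None)
        elif name == "package":             # legacy packages.config
            pkg, ver = el.get("id"), el.get("version")
        else:
            continue
        if pkg and pkg.lower().startswith(WRAPPER_PREFIXES):
            found.add((pkg, (ver or "unspecified").strip()))
    return sorted(found)

def scan_tree(root):
    """Map each project file under root to the wrapper references it contains."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.suffix.lower() == ".csproj" or path.name.lower() == "packages.config":
            try:
                refs = wrapper_refs(path.read_text(encoding="utf-8-sig"))
            except (ET.ParseError, OSError, UnicodeDecodeError):
                continue  # unreadable or malformed file: skip, keep scanning
            if refs:
                hits[str(path)] = refs
    return hits
```

The scan covers direct references only; a wrapper pulled in transitively or a wkhtmltopdf binary invoked directly from code will not appear in these files.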
This is an AI-generated summary. ShortSingh links to the original source for the complete article.