Unsafe URI and Path Handling in HTML Backend
Summary
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0. A flaw was found in Docling, a document processing tool. Its HTML backend contained vulnerabilities related to unsafe handling of Uniform Resource Identifiers (URIs) and file paths. This could allow an attacker to access local files, navigate outside of intended directories (path traversal), and potentially access internal network resources (Server-Side Request Forgery or SSRF). The primary impact of this flaw is information disclosure, potentially exposing sensitive data. This is an Important vulnerability in the Docling HTML backend, which is used for document processing within Red Hat OpenShift AI. Unsafe URI and path handling could allow an attacker to craft malicious HTML content, leading to information disclosure or other impacts when processed by Docling. This risk is elevated in environments where Docling handles untrusted or user-provided documents. Red Hat severity: Important — CVSS 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). Weakness: CWE-22. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Mitigation checklist
- To mitigate this issue, ensure that `enable_local_fetch` and `enable_remote_fetch` are set to `False` when Docling is used to process untrusted HTML documents. These are the default settings for Docling, so no action is required unless these configurations have been explicitly changed.
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.