GHSA-q29v-xc37-wh5mHighCVSS 7.1
Docling: Unsafe URI and Path Handling in HTML Backend
🔗 CVE IDs covered (1)
📋 Description
Impact
The HTML backend did not perform sufficient validation during resource handling:
- Accepted
file://URIs enabling local file system access whenenable_local_fetch=True - Path resolution allowed traversal outside intended directories via
../sequences and absolute paths - Did not block internal network resources under
enable_remote_fetch=True - HTTP redirects were not validated, potentially redirecting to unintended schemes
- No resource limits for remote image downloads and
data:URIs
Patches
Fixed in versions 2.91.0 (initial fixes) and 2.94.0 (additional improvements). The fixes implement:
- Updated local path treatment: absolute files always blocked, relative paths require
enable_local_fetch=True(default: False) and containment within configuredbase_pathfor path traversal protection file://scheme stripped & treated as local path (above)- IP address validation to prevent SSRF
- HTTP redirect validation, connection and read timeouts
- Size limit for both remote images (with streaming download) and base64-decoded data URIs
Workarounds
Keep both enable_local_fetch=False and enable_remote_fetch=False (defaults) when processing untrusted HTML documents.
References
🎯 Affected products1
- pip/docling:< 2.94.0