Lucene search
K

250 matches found

OSV
OSV
added 2026/05/07 12:57 a.m.23 views

GHSA-2PMR-289P-44R3 Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References3
OSV
OSV
added 2026/05/07 12:57 a.m.4 views

GHSA-RM4C-XJ6X-49MW Gotenberg has a Server-Side Request Forgery (SSRF) Issue

Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...

8.2CVSS5.9AI score0.00245EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/07 12:57 a.m.26 views

Gotenberg has a Server-Side Request Forgery (SSRF) Issue

Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...

8.2CVSS5.9AI score0.00245EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/05/07 12:55 a.m.9 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the metadata process. An attacker can rename, move, or create links to files within the container by submitting specially crafted metadata values that bypass the intended blocklist. This may also...

8.8CVSS5.8AI score0.0029EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/07 12:55 a.m.15 views

Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/07 12:55 a.m.15 views

GHSA-7V3R-M9C8-R855 Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/07 12:55 a.m.12 views

Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection

Unauthenticated RCE in Gotenberg via Metadata Key Newline Injection Summary Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6.6AI score0.0295EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/05/07 12:55 a.m.10 views

GHSA-RQGH-GXV4-6657 Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection

Unauthenticated RCE in Gotenberg via Metadata Key Newline Injection Summary Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

9.8CVSS6.6AI score0.0295EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38380

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description An unauthenticated remote attacker can achieve OS command execution via the '/forms/pdfengines/metadata/write' endpoint. The application accepts a JSON metadata object and passes its keys to...

9.8CVSS6.2AI score0.0295EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.29 views

PT-2026-38381

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.30.0 Description The ExifTool metadata write blocklist can be bypassed using group-prefix syntax, allowing an attacker to perform arbitrary file rename, move, hardlink, and symlink creation on the server. The...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References9
NVD
NVD
added 2026/05/06 9:16 p.m.8 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS0.00611EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/06 8:46 p.m.32 views

CVE-2026-40281 Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS0.00611EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/06 8:46 p.m.13 views

CVE-2026-40281 Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS6AI score0.00611EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:46 p.m.6 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS6AI score0.00611EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/06 8:46 p.m.40 views

CVE-2026-40281

Gotenberg 8.x (

10CVSS6AI score0.00611EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.45 views

Gotenberg 参数注入漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained a parameter injection vulnerability. This vulnerability stemmed from the fact that the metadata writing...

10CVSS5.9AI score0.00611EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/05 8:39 p.m.28 views

CVE-2026-39383 Gotenberg unauthenticated blind SSRF via unfiltered webhook URL

Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a crafted URL in the Gotenberg-Webhook-Url request header. Th...

6.9CVSS0.00236EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 8:39 p.m.6 views

CVE-2026-39383

Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a crafted URL in the Gotenberg-Webhook-Url request header. Th...

6.9CVSS6AI score0.00236EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 8:39 p.m.6 views

CVE-2026-39383 Gotenberg unauthenticated blind SSRF via unfiltered webhook URL

Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a crafted URL in the Gotenberg-Webhook-Url request header. Th...

6.9CVSS6AI score0.00236EPSS
Exploits1References1
CVE
CVE
added 2026/05/05 8:39 p.m.13 views

CVE-2026-39383

Gotenberg (v8.x) is vulnerable to an unauthenticated blind SSRF via the Gotenberg-Webhook-Url header. In 8.29.1, the FilterDeadline gate returns nil when both allow-list and deny-list are empty, allowing outbound HTTP POSTs to arbitrary destinations and enabling internal network probing, forced P...

7.2CVSS6AI score0.00236EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder