233 matches found
CVE-2026-40893 Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...
CVE-2026-40893
CVE-2026-40893 (Gotenberg/ExifTool blocklist bypass) Prior to 8.31.0, Gotenberg’s metadata processing only blocked the bare tag name (FileName), allowing group-prefixed tags like System:FileName to bypass the blocklist, enabling remote attackers to rename, move, or alter file permissions within t...
CVE-2026-40893 Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...
CVE-2026-40893
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...
CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...
CVE-2026-42589
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...
CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...
CVE-2026-42589
Gotenberg CVE-2026-42589: The issue is an unauthenticated remote code execution in Gotenberg
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204 - ExifTool Arbitrary Code Execution An upgrade...
Gotenberg 安全漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...
Gotenberg 操作系统命令注入漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient...
Gotenberg 安全漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw where only whether the tag was “FileName”...
CVE-2026-43893
exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...
CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names
exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...
CVE-2026-43893
CVE-2026-43893 affects the node package exiftool-vendored , which starts ExifTool in -stay_open True -@ - mode and reads arguments from stdin. In affected versions prior to 35.19.0, attacker-controlled strings could contain line delimiters, causing a single argument to split into multiple ExifToo...
CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names
exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...
exiftool-vendored 参数注入漏洞
exiftool-vendored is a cross-platform image metadata reading and writing tool developed by PhotoStructure. Versions of exiftool-vendored prior to 35.19.0 had a parameter injection vulnerability. This vulnerability occurred when ExifTool was executed in the “-stayopen True -” mode, where strings...
OESA-2026-2224 perl-Image-ExifTool security update
ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...
OESA-2026-2223 perl-Image-ExifTool security update
ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...
OESA-2026-2222 perl-Image-ExifTool security update
ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...