3 matches found
PT-2026-56545
Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.84.0 Description LiteLLM is a proxy server that functions as an AI Gateway for calling LLM APIs. The MCP Streamable HTTP endpoint allows an unauthenticated attacker to use a fabricated Authorization header to trigge...
GHSA-Q7R4-HC83-HF2Q Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)
Vulnerability Details CWE: CWE-20 - Improper Input Validation The metadata value sanitization introduced in v8.30.1 commit 405f106 only validates metadata KEYS via safeKeyPattern regex. Metadata VALUES are passed unsanitized to go-exiftool SetString, which writes them as fmt.Fprintlne.stdin,...
Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)
Vulnerability Details CWE: CWE-20 - Improper Input Validation The metadata value sanitization introduced in v8.30.1 commit 405f106 only validates metadata KEYS via safeKeyPattern regex. Metadata VALUES are passed unsanitized to go-exiftool SetString, which writes them as fmt.Fprintlne.stdin,...