Tag

Argument-Injection

1 brief RSS

Gotenberg ExifTool Argument Injection via Metadata Values

Gotenberg version 8.30.1 and earlier is vulnerable to argument injection, where an unauthenticated attacker can inject arbitrary ExifTool pseudo-tags via newline characters in metadata values, leading to arbitrary file manipulation within the container filesystem.

Gotenberg <= 8.30.1 argument-injection vulnerability container

2r 1t Jan 2, 2024