Tag

Cwe-78

1 brief RSS

Gotenberg Unauthenticated RCE via ExifTool Metadata Key Injection

Gotenberg version 8.29.1 is vulnerable to unauthenticated remote code execution (RCE) due to newline injection in metadata keys passed to ExifTool, allowing arbitrary command execution via the `-if` flag.

Gotenberg 8.29.1 gotenberg rce exiftool newline-injection cwe-78

3r 1t Jan 3, 2024