Attack Chain

1. The attacker sends a POST request to /forms/pdfengines/metadata/write with a PDF file and a metadata JSON object.
2. The JSON object contains a key with embedded newline characters (\n). For example: "Title\\n-if\\nsystem('id')||1\\n-Comment": "x".
3. Gotenberg’s backend deserializes the JSON object. The \n character is preserved.
4. The crafted key is passed to the go-exiftool library.
5. go-exiftool writes the key verbatim to ExifTool’s stdin, splitting it into separate arguments: -Title, -if, system('id')||1, -Comment=x.
6. ExifTool executes the system('id') command due to the -if flag, which evaluates Perl expressions.
7. The attacker exfiltrates the command output via out-of-band techniques, such as an HTTP callback.
8. The server responds with HTTP 200 and a valid PDF file.

Impact

Successful exploitation allows an unauthenticated attacker to execute arbitrary commands as the Gotenberg process user, which is gotenberg (UID 1001) and a member of the root group in the default Docker image. This enables the attacker to read and write files, establish reverse shells, or pivot to other systems in the network. Because the vulnerability requires no authentication and provides no error signal, any Gotenberg instance exposed to an untrusted network is at risk of complete compromise.

Recommendation

• Implement input validation within Gotenberg to reject metadata keys containing control characters such as \n, \r, and \x00. Reference the code example in the advisory (strings.ContainsAny).
• Deploy the following Sigma rule to detect exploitation attempts by identifying requests with newline characters in the metadata parameter.
• Place Gotenberg behind an authenticated reverse proxy to prevent direct access from untrusted networks.
• Monitor webserver logs for POST requests to the /forms/pdfengines/metadata/write endpoint, as this is the entry point for the attack. Enable webserver logging to capture request parameters.