Gotenberg

Gotenberg is vulnerable to a remote denial-of-service (DoS) in multipart `downloadFrom` handling, where a crafted multipart request with multiple `downloadFrom` entries causes concurrent goroutines to write to shared maps without synchronization, leading to process termination.

Gotenberg is vulnerable to Server-Side Request Forgery (SSRF) due to bypassable default deny-lists in the `downloadFrom` and `webhook` features, where case-sensitive regex matching allows attackers to use IPv6 loopback URLs to bypass the deny-list and access internal HTTP services.

Gotenberg is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient hardening in the LibreOffice conversion endpoint, allowing attackers to make outbound HTTP requests by embedding external URLs in uploaded documents, bypassing Gotenberg's SSRF filters, affecting versions up to 8.31.0, and potentially enabling access to internal services, data exfiltration, or port scanning.

The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server.

Gotenberg version 8.29.1 is vulnerable to unauthenticated remote code execution (RCE) due to newline injection in metadata keys passed to ExifTool, allowing arbitrary command execution via the `-if` flag.

Gotenberg versions 8.31.0 and earlier are vulnerable to an unauthenticated denial-of-service attack where a race condition in the webhook middleware causes a panic and process termination when handling concurrent requests.

Gotenberg version 8.30.1 and earlier is vulnerable to argument injection, where an unauthenticated attacker can inject arbitrary ExifTool pseudo-tags via newline characters in metadata values, leading to arbitrary file manipulation within the container filesystem.