Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://[::ffff:127.0.0.1]:... and reach loopback or private HTTP services that the default deny-list is intended to block. This crosses a real security boundary because an external caller can force the server to make outbound requests to internal-only targets. This vulnerability is fixed in 8.31.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:LThecodingmachine Gotenberg
APPThecodingmachine< 8.31.0
Related vulnerabilities
Gotenberg: command injection w endpoincie zapisu metadanych PDF via ExifTool
Gotenberg: injection w wartościach metadanych — zapis plików i symlinki
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attack...
A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to u...
In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an at...