This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Gotenberg's metadata endpoint fails to sanitize metadata **values** (only keys were fixed).
**Consequence**: Attackers inject newlines to split ExifTool commands. …
**Vendor**: Gotenberg.
**Affected**: Versions **v8.30.1 and earlier**.
**Context**: Docker-based stateless PDF API service. If you run an older version, you are vulnerable.
Q4. What can hackers do? (Privileges/Data)
**Actions**: Rename processed PDFs, move files to arbitrary paths, overwrite files, or create **symlinks/hard links** anywhere in the container filesystem.
**Impact**: High integrity and availability loss. …
**Auth**: **None required**. Unauthenticated.
**Config**: Low complexity. Direct API access to the metadata endpoints.
**Verdict**: Extremely easy to exploit if the service is exposed.
Q6. Is there a public exploit? (PoC/Wild Exploitation)
**Public exploit**: No specific PoC code provided in the data.
**Status**: Advisory published. Likely exploitable via manual crafting of metadata values containing newlines.
Q7. How to self-check? (Features/Scanning)
**Check**: Scan for Gotenberg services.
**Test**: Send metadata requests with **newline characters** (`\n`) in the **value** field. …
**Fix**: Upgrade to a version **newer than v8.30.1**.
**Source**: Commit `405f106` and GHSA advisory `q7r4-hc83-hf2q` confirm the fix.
Q9. What if no patch? (Workaround)
**Workaround**: If upgrading is impossible, **restrict network access** to the metadata endpoint.
**Mitigate**: Implement WAF rules to block newline characters in metadata values.
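The self-check in Q7 and the WAF rule in Q9 both come down to one question: does any metadata key or value carry a line break? The following Go function is an added example (not Gotenberg's own code or the patch) that answers it for a request body assumed to be a flat JSON object of the form `{"Key": "value", ...}`; treating carriage return and NUL the same way as newline is an added precaution, not something the advisory states.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// unsafeChars are the characters that would let a key or value break out of
// a line-oriented argument list handed to ExifTool. CR and NUL are rejected
// alongside LF as an assumption of this example, not a claim from the advisory.
const unsafeChars = "\n\r\x00"

// FindUnsafeMetadata parses a metadata request body (assumed shape:
// {"Key": "value", ...}) and returns, sorted, the keys whose key or string
// value contains a line break or NUL. A non-object body is an error.
func FindUnsafeMetadata(body []byte) ([]string, error) {
	var meta map[string]interface{}
	if err := json.Unmarshal(body, &meta); err != nil {
		return nil, fmt.Errorf("metadata is not a JSON object: %w", err)
	}
	var bad []string
	for k, v := range meta {
		// Only string values can carry a newline; numbers and bools cannot.
		s, isString := v.(string)
		if strings.ContainsAny(k, unsafeChars) || (isString && strings.ContainsAny(s, unsafeChars)) {
			bad = append(bad, k)
		}
	}
	sort.Strings(bad)
	return bad, nil
}

func main() {
	// Constructed sample bodies: one benign, one carrying the injected newline
	// in a value that Q7 says to test for (JSON "\n" decodes to a real LF).
	samples := map[string]string{
		"benign":   `{"Author":"Alice","Title":"Quarterly report"}`,
		"injected": `{"Author":"Alice\nEvil","Title":"ok"}`,
	}
	for name, body := range samples {
		bad, err := FindUnsafeMetadata([]byte(body))
		fmt.Printf("%s: offending keys=%v err=%v\n", name, bad, err)
	}
}
```

A request for which the function returns a non-empty list is what the WAF rule should block, or what a test probe against your own instance should log.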
Q10. Is it urgent? (Priority Suggestion)
**Priority**: **CRITICAL**.
**Reason**: Unauthenticated, easy exploitation, high impact (filesystem manipulation). Patch immediately!