Anuragbathani

**Name of the Vulnerable Software and Affected Versions** Gotenberg versions prior to 8.31.0 **Description** Gotenberg fails to properly validate metadata tags passed to ExifTool, a tool used for reading and writing image, audio, and video metadata. While the software blocks specific tags like `FileName` and `Directory` to prevent unauthorized file manipulation, it does not account for group prefixes. An attacker can use `System:FileName` or `System:Directory` to bypass these checks because the system only performs an exact match against the blocked names. Additionally, the `FilePermissions` tag is entirely missing from the blocklist. This allows remote attackers to move, rename, and change permissions for arbitrary files within the container via a single HTTP request without authentication. This issue affects every endpoint that accepts the `metadata` field, including: - '/forms/chromium/convert/html' - '/forms/libreoffice/convert' - '/forms/pdfengines/merge' - '/forms/pdfengines/metadata/write' Vulnerable parameters include `System:FileName`, `System:Directory`, and `FilePermissions` within the `metadata` field. **Recommendations** Update Gotenberg to version 8.31.0. As a temporary workaround, restrict access to the `metadata` parameter in all affected API endpoints to minimize the risk of exploitation.