Stirling-PDF Server-Side Request Forgery Vulnerability in HTML to PDF Conversion Endpoint

A server-side request forgery (SSRF) vulnerability has been identified in Stirling-PDF versions prior to 1.1.0. The issue arises in the '/api/v1/convert/html/pdf' endpoint, where the application converts HTML to PDF. The backend process involves a third-party sanitizer for security, but flaws in this sanitizer can be bypassed, leading to SSRF. This vulnerability allows the manipulation of URLs that the server-side application can access, potentially leading to unauthorized data exposure or interaction with internal services.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server perform requests on their behalf. This could be used to access internal services or resources that are not normally exposed to the public.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/v1/convert/html/pdf' endpoint with a file input containing HTML that includes an image tag (or similar) pointing to a resource that can be accessed by the server. The request should be made with the 'Content-Type' set to 'multipart/form-data'.

Remediation

Users can update to Stirling-PDF version 1.1.0 or later, where this vulnerability has been patched.