Stirling-PDF Server-Side Request Forgery Vulnerability in Markdown to PDF Conversion

A server-side request forgery (SSRF) vulnerability has been identified in Stirling-PDF versions prior to 1.1.0. The issue arises in the '/api/v1/convert/markdown/pdf' endpoint, where the application converts Markdown files to PDF. The conversion process involves a third-party tool that is supposed to sanitize the input for security. However, this sanitization can be bypassed, allowing for SSRF attacks. The vulnerability has been patched in version 1.1.0.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can manipulate the server to make requests on their behalf. This could potentially lead to unauthorized access to internal services or resources.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/v1/convert/markdown/pdf' endpoint with a Markdown file that includes an image tag. The 'src' attribute of the image tag should point to a server that can capture the request, demonstrating the SSRF vulnerability. This can be done by using a service that logs incoming requests, such as a simple web server or a request bin service.

Remediation

Users can update to Stirling-PDF version 1.1.0 or later, where this vulnerability has been patched.