Remote Code Execution in docker-wkhtmltopdf-aas: Command Injection via Unsanitized Options
How I found a critical command injection vulnerability in docker-wkhtmltopdf-aas, a Dockerized HTML-to-PDF web service, and achieved remote code execution as root through unsanitized user options passed to a shell command.
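The bug class described above, shown from the defender's side as an added example (not code from the post or from the docker-wkhtmltopdf-aas project): a string-built command next to an allow-listed argument vector. The option allow-list, the value patterns and all function names are assumptions of this example; the flags themselves are real wkhtmltopdf options.

```python
import re
import subprocess

_LENGTH = re.compile(r"\d{1,3}(\.\d{1,2})?(mm|cm|in|px)?")
# Assumed allow-list for this example: wkhtmltopdf flag -> value pattern
# (None marks a flag that takes no value).
ALLOWED = {
    "page-size": re.compile(r"[A-Za-z0-9]{1,16}"),
    "orientation": re.compile(r"Portrait|Landscape"),
    "margin-top": _LENGTH,
    "margin-bottom": _LENGTH,
    "grayscale": None,
}


class OptionError(ValueError):
    """Raised when a request carries an option the service will not pass on."""


def build_shell_string(options, src, dst):
    # Vulnerable pattern (generic illustration): caller-supplied keys and
    # values are pasted into one string that a shell will later parse.
    parts = ["wkhtmltopdf"]
    for key, value in options.items():
        parts += [f"--{key}", str(value)]
    return " ".join(parts + [src, dst])


def build_argv(options, src, dst):
    # Hardened form: allow-listed keys, validated values, one argv element
    # per token. src and dst are assumed to be server-generated paths.
    argv = ["wkhtmltopdf"]
    for key, value in options.items():
        if key not in ALLOWED:
            raise OptionError(f"option not allowed: {key!r}")
        pattern = ALLOWED[key]
        if pattern is None:
            argv.append(f"--{key}")
        elif isinstance(value, str) and pattern.fullmatch(value):
            argv += [f"--{key}", value]
        else:
            raise OptionError(f"bad value for {key!r}")
    return argv + [src, dst]


def render(options, src, dst):
    # No shell is involved: the list goes straight to exec.
    subprocess.run(build_argv(options, src, dst), check=True, timeout=60)
```

Validating both the key and the value matters here: a shell-free `exec` stops metacharacter parsing, but an unchecked key would still let a caller choose arbitrary wkhtmltopdf flags.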