Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: gotenberg

Found 2 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-35458
updated 3 weeks, 4 days ago by @LeSuisse Activity log
  • Created suggestion 3 weeks, 5 days ago
  • @LeSuisse ignored
    3 packages
    • python312Packages.gotenberg-client
    • python313Packages.gotenberg-client
    • python314Packages.gotenberg-client
    3 weeks, 4 days ago
  • @LeSuisse accepted 3 weeks, 4 days ago
  • @LeSuisse published on GitHub 3 weeks, 4 days ago
Gotenberg has a ReDoS via extraHttpHeaders scope feature

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely.

Affected products

gotenberg
  • ==<= 8.29.1

Matching in nixpkgs

Ignored packages (3)

Package maintainers

Published
Permalink CVE-2026-27018
updated 1 month ago by @mweinelt Activity log
  • Created suggestion 1 month ago
  • @mweinelt ignored
    3 packages
    • python312Packages.gotenberg-client
    • python313Packages.gotenberg-client
    • python314Packages.gotenberg-client
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0.

Affected products

gotenberg
  • ==< 8.29.0

Matching in nixpkgs

Ignored packages (3)

Package maintainers

https://github.com/gotenberg/gotenberg/security/advisories/GHSA-jjwv-57xh-xr6r