Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.3 views

CVE-2026-35458

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

9.8CVSS5.9AI score0.00497EPSS
Exploits1References1
NVD
NVD
added 2026/04/07 3:17 p.m.9 views

CVE-2026-35458

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

9.8CVSS0.00497EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:24 p.m.4 views

CVE-2026-35458

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

8.7CVSS5.9AI score0.00497EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/07 2:24 p.m.19 views

CVE-2026-35458

Gotenberg CVE-2026-35458 affects the Chromium module of Gotenberg (forms/chromium/screenshot/url) where user-supplied scope patterns are compiled with dlclark/regexp2 without a timeout, enabling ReDoS/backtracking that can hang workers and impact availability. Affected code paths and versions are...

9.8CVSS5.9AI score0.00497EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:24 p.m.17 views

CVE-2026-35458 Gotenberg has a ReDoS via extraHttpHeaders scope feature

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

8.7CVSS0.00497EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30852

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.29.1 and earlier Description Gotenberg uses the dlclark/regexp2 library to compile user-supplied scope patterns without a timeout. This allows users with access to features utilizing this logic to potentially hang workers...

9.8CVSS5.9AI score0.00497EPSS
Exploits1References8
Rows per page
Query Builder