Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/04/30 5:19 p.m.16 views

Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection

Vulnerability Details CWE: CWE-918 - Server-Side Request Forgery SSRF The default private-IP deny-lists for --webhook-deny-list and --api-download-from-deny-list use a case-sensitive regex ^https?://. Any uppercase URL scheme variant HTTP://, HTTPS://, Http:// bypasses the pattern. Go's...

7.8CVSS5.3AI score0.00463EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/30 5:19 p.m.5 views

GHSA-5Q7P-7JGV-WW56 Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection

Vulnerability Details CWE: CWE-918 - Server-Side Request Forgery SSRF The default private-IP deny-lists for --webhook-deny-list and --api-download-from-deny-list use a case-sensitive regex ^https?://. Any uppercase URL scheme variant HTTP://, HTTPS://, Http:// bypasses the pattern. Go's...

9.3CVSS5.8AI score0.00463EPSS
Exploits1References6
CVE
CVE
added 2026/03/30 8:14 p.m.25 views

CVE-2026-27018

CVE-2026-27018 affects Gotenberg and is a case-insensitive URL-scheme bypass of the prior fix for CVE-2024-21527. The root cause is a case-sensitive deny-list regex in Chromium URL handling, allowing mixed-case or uppercase schemes to bypass the deny-list. The issue has been patched in Gotenberg ...

8.8CVSS5.7AI score0.00538EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 4:16 p.m.14 views

Gotenberg has Chromium deny-list bypass via case-insensitive URL scheme (bypass of GHSA-rh2x-ccvw-q7r3)

Impact The fix introduced in version 8.1.0 for GHSA-rh2x-ccvw-q7r3 CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. The default --chromium-deny-list value is ^file:?!///tmp/.. This regex is anchored to lowercase file: at the start. However, per RFC 3986 Section 3.1, URI...

8.8CVSS6AI score0.00574EPSS
Exploits1References7Affected Software2
Rows per page
Query Builder