16 matches found
Gotenberg Vulnerable to ReDoS via extraHttpHeaders scope feature
Summary: Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a match timeout. Users with access to features that use this logic can hang workers indefinitely. Details: Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns...
CVE-2026-35458 Gotenberg has a ReDoS via extraHttpHeaders scope feature
Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a match timeout (regexp2 is a backtracking engine, so a crafted pattern can run for an unbounded time). Users with access to features that use this logic can hang workers indefinitely...
UBUNTU-CVE-2026-34514
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use it to inject extra headers or mount similar attacks. This issue has been patched in version 3.13.4...
CVE-2026-34519 AIOHTTP: HTTP response splitting via \r in reason phrase
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers (HTTP response splitting) or mount similar attacks. This issue has been patched in version 3.13.4...
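The two aiohttp entries above and the lynx entry further down describe the same defect class: a CR or LF that reaches a status line or header field unchecked becomes a line terminator for the receiver, so attacker-controlled text turns into extra headers. The block below is an added example, not code from aiohttp, lynx or any advisory: a deliberately naive serializer that reproduces the split, a receiver-side view of what got injected, and the RFC 9112 character checks a hardened serializer applies (rejecting a bare CR as well as CRLF). The sample reason phrases and header values are constructed for the demonstration.

```python
# Added example (not aiohttp's or lynx's code): how a CR or LF inside an
# attacker-controlled reason phrase or header value splits an HTTP response,
# and the validation a serializer must apply before writing the head.
import re
from typing import Dict, List

# Constructed sample inputs, not taken from any real proof of concept.
TAINTED_REASON = "OK\r\nSet-Cookie: session=attacker"   # CRLF in the reason phrase
TAINTED_CTYPE = "text/html\r\nX-Injected: 1"            # CRLF in a header value
BARE_CR_REASON = "OK\rX-Injected: 1"                    # lone CR; lenient parsers treat it as a line end


def serialize_naive(status: int, reason: str, headers: Dict[str, str], body: bytes = b"") -> bytes:
    """Vulnerable: interpolates the reason phrase and header values unchecked."""
    lines = [f"HTTP/1.1 {status} {reason}"] + [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


def header_lines(raw: bytes) -> List[bytes]:
    """What a receiver sees: the header lines that follow the status line."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return head.split(b"\r\n")[1:]


# RFC 9112 reason-phrase = *( HTAB / SP / VCHAR / obs-text ): CR, LF and NUL can never appear.
_REASON_OK = re.compile(r"[\t \x21-\x7e\x80-\xff]*")
# Header names and values: reject CR, LF and NUL outright, a bare CR included.
_BAD_IN_FIELD = re.compile(r"[\r\n\x00]")


def validate_reason(reason: str) -> str:
    # fullmatch, not match: with match() a trailing "$" would accept "OK\n".
    if _REASON_OK.fullmatch(reason) is None:
        raise ValueError("reason phrase contains a control character")
    return reason


def validate_field(name: str, value: str) -> None:
    if _BAD_IN_FIELD.search(name) or _BAD_IN_FIELD.search(value):
        raise ValueError(f"header {name!r} contains CR, LF or NUL")


def serialize_safe(status: int, reason: str, headers: Dict[str, str], body: bytes = b"") -> bytes:
    """Hardened: every caller-controlled component is validated before serialization."""
    validate_reason(reason)
    for name, value in headers.items():
        validate_field(name, value)
    return serialize_naive(status, reason, headers, body)


def is_rejected(status: int, reason: str, headers: Dict[str, str]) -> bool:
    """True if the hardened serializer refuses this status line / header set."""
    try:
        serialize_safe(status, reason, headers)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    raw = serialize_naive(200, TAINTED_REASON, {"Content-Type": "text/plain"})
    print(header_lines(raw))            # the injected Set-Cookie line arrives as a real header
    print(is_rejected(200, TAINTED_REASON, {}), is_rejected(200, BARE_CR_REASON, {}))
```

The bare-CR case is the one the CVE-2026-34519 title calls out: a check that only looks for "\r\n" passes it through, while receivers that treat a lone CR as a line terminator still split the response, so the rejection set has to be the characters themselves, not the pair. The same validation applies to a request line built from command-line arguments or an environment variable, as in the lynx entry below.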
Information Disclosure
github.com/rancher/rancher is vulnerable to Information Disclosure. The vulnerability is due to improper handling of Impersonate-Extra- headers, which are sent to external entities via the /meta/proxy endpoint, allowing an attacker to access identifiable or sensitive information such as email...
CVE-2025-54468
A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses...
CVE-2025-54468 Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses...
CVE-2025-54468
CVE-2025-54468 affects Rancher Manager. It describes that Impersonate-Extra-* headers are sent to external services via the /meta/proxy endpoint, potentially exposing identifiers such as email addresses. Connected records reference Rancher-related advisories (GO-2025-3982) noting that the...
SUSE CVE-2025-54468
A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses...
GHSA-MJCP-RJ3C-36FR Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
Impact A vulnerability has been identified within Rancher Manager whereby Impersonate-Extra- headers are being sent to an external entity, for example amazonaws.com, via the /meta/proxy Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses. If...
PT-2025-39666
Name of the vulnerable software and affected versions: Rancher Manager versions prior to 2.9.12, prior to 2.10.10, prior to 2.11.6 and prior to 2.12.2. Description: A flaw exists in Rancher Manager that allows sensitive information...
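The Rancher entries above all describe one mistake: a proxy endpoint forwarded the Kubernetes impersonation headers it received (Impersonate-User, Impersonate-Group and the free-form Impersonate-Extra-* set, which carries attributes such as the caller's email) to whatever origin the caller named, including external hosts. The block below is an added example, not Rancher's code: an outbound-header filter that strips impersonation headers and caller credentials unless the target is an allow-listed internal host. The "cluster.local" suffix allow-list and the sample header values are assumptions made for the demonstration.

```python
# Added example (not Rancher's code): an outbound-header filter for a proxy
# endpoint, dropping Kubernetes impersonation headers (Impersonate-User,
# Impersonate-Group, Impersonate-Uid, Impersonate-Extra-*) and caller
# credentials before a request leaves for an external origin.
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

# Constructed sample of headers an authenticated proxy request might carry;
# the values are made up for this example.
SAMPLE_REQUEST_HEADERS = {
    "Host": "rancher.example",
    "Authorization": "Bearer token-abc",
    "Impersonate-User": "u-xyz",
    "Impersonate-Group": "system:authenticated",
    "Impersonate-Extra-Username": "alice@example.com",
    "Impersonate-Extra-Principalid": "local://u-xyz",
    "Accept": "application/json",
    "Content-Type": "application/json",
    "Connection": "keep-alive",
}

IMPERSONATION_PREFIX = "impersonate-"   # one prefix covers Impersonate-Extra-* as well
CREDENTIALS = {"authorization", "proxy-authorization", "cookie"}
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "te",
              "trailer", "transfer-encoding", "upgrade"}
# Assumed internal suffix allow-list; a real deployment defines its own.
INTERNAL_SUFFIXES = ("cluster.local",)


def is_internal_target(url: str, suffixes: Iterable[str] = INTERNAL_SUFFIXES) -> bool:
    """Exact or dot-bounded suffix match, so 'cluster.local.example.com' is not internal."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def outbound_headers(incoming: Dict[str, str], target_url: str) -> Dict[str, str]:
    """Headers the proxy may forward to target_url (comparison is case-insensitive)."""
    internal = is_internal_target(target_url)
    kept: Dict[str, str] = {}
    for name, value in incoming.items():
        lname = name.lower()
        if lname == "host" or lname in HOP_BY_HOP:
            continue                      # the proxy sets these for its own connection
        if lname in CREDENTIALS:
            continue                      # never replay the caller's credential downstream
        if lname.startswith(IMPERSONATION_PREFIX) and not internal:
            continue                      # identity attributes stay inside the cluster
        kept[name] = value
    return kept


def impersonation_headers(headers: Dict[str, str]) -> List[str]:
    """Names of any impersonation headers present; useful as a post-filter assertion."""
    return sorted(n for n in headers if n.lower().startswith(IMPERSONATION_PREFIX))


if __name__ == "__main__":
    print(outbound_headers(SAMPLE_REQUEST_HEADERS, "https://sts.amazonaws.com/"))
    print(outbound_headers(SAMPLE_REQUEST_HEADERS, "https://kubernetes.default.svc.cluster.local/api"))
```

Two design points matter here. The filter keys on the prefix rather than a fixed list of names, because Impersonate-Extra-* is open-ended and any new attribute a future release adds would otherwise leak by default. And the internal check is a dot-bounded suffix match on the parsed hostname, not a substring test on the URL, so a caller cannot smuggle an external host past it with a lookalike name.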
AZL-11465 CVE-2022-4055 affecting package xdg-utils 1.1.3-7
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...
Fedora 17 : claws-mail-3.9.0-1.fc17 / claws-mail-plugins-3.9.0-2.fc17 (2012-18558)
Added IMAP server side search - Added the file .claws-mail/extraheaderrc which holds editable extra headers to be added to compose window combobox - Added 'Select html part of multipart messages' to the Folder Properties - GnuPG: Consider marginal signature validity as untrusted - The mimeview...
Mandrake Linux Security Advisory : lynx (MDKSA-2003:023)
A vulnerability was discovered in lynx, a text-mode web browser. The HTTP requests that lynx constructs are built from arguments on the command line or from the $WWWHOME environment variable, but lynx does not properly sanitize special characters such as carriage returns or linefeeds. Extra headers can be...