Allocation of Resources Without Limits or Throttling
Overview: github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extraHttpHeaders field in the /forms/chromium/screenshot/url endpoint,...
GHSA-FMWG-QCQH-M992 Gotenberg Vulnerable to ReDoS via extraHttpHeaders scope feature
Summary: Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely. Details: Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns...
CVE-2026-35458 Gotenberg has a ReDoS via extraHttpHeaders scope feature
Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...
curl: CRLF Injection in `--proxy-header` allows extra HTTP headers (CWE-93)
Hello Team, There is a bug in curl where a user can inject new HTTP headers into a proxy request by using special characters in the --proxy-header option. This is done by adding \r\n carriage return + line feed inside the header value. This breaks the HTTP format and lets the user create more...
Lynx 2.8.x - Command Line URL CRLF Injection
source: https://www.securityfocus.com/bid/5499/info A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and line feed CRLF characters may be included in...