—
GO-2026-4905
Gotenberg has Chromium deny-list bypass via case-insensitive URL scheme (bypass of GHSA-rh2x-ccvw-q7r3) in github.com/gotenberg/gotenberg
Details
Gotenberg has Chromium deny-list bypass via case-insensitive URL scheme (bypass of GHSA-rh2x-ccvw-q7r3) in github.com/gotenberg/gotenberg
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/gotenberg/gotenberg/v7
Introduced in:
0 No fixed version published yet for github.com/gotenberg/gotenberg/v7 (go modules). Pin to a known-safe version or switch to an alternative.
Go / github.com/gotenberg/gotenberg/v8
Introduced in:
0 Fixed in: 8.29.0 Fix
go get github.com/gotenberg/gotenberg/v8@v8.29.0 References
- https://github.com/gotenberg/gotenberg/security/advisories/GHSA-jjwv-57xh-xr6r [ADVISORY]
- https://github.com/gotenberg/gotenberg/commit/06b2b2e10c52b58135edbfe82e94d599eb0c5a11 [WEB]
- https://github.com/gotenberg/gotenberg/commit/8625a4e899eb75e6fcf46d28394334c7fd79fff5 [WEB]
- https://github.com/gotenberg/gotenberg/releases/tag/v8.29.0 [WEB]
- https://github.com/gotenberg/gotenberg/security/advisories/GHSA-rh2x-ccvw-q7r3 [WEB]