VDB
KO

GO-2026-4905

Gotenberg has Chromium deny-list bypass via case-insensitive URL scheme (bypass of GHSA-rh2x-ccvw-q7r3) in github.com/gotenberg/gotenberg

Details

Gotenberg has Chromium deny-list bypass via case-insensitive URL scheme (bypass of GHSA-rh2x-ccvw-q7r3) in github.com/gotenberg/gotenberg

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/gotenberg/gotenberg/v7
Introduced in: 0

No fixed version published yet for github.com/gotenberg/gotenberg/v7 (go modules). Pin to a known-safe version or switch to an alternative.

Go / github.com/gotenberg/gotenberg/v8
Introduced in: 0 Fixed in: 8.29.0
Fix go get github.com/gotenberg/gotenberg/v8@v8.29.0

References